This topic describes how to provision a VDB from an encrypted database.

This topic does not apply to vPDBs.

The Delphix Engine supports provisioning from a dSource linked to a physical database that has been encrypted with Oracle's Transparent Database Encryption (TDE), which can be used to encrypt columns or tablespaces

Provisioning a VDB from an encrypted dSource requires that you have an auto-open wallet set up in the target environment because the provisioning process requires the master key stored in the wallet file. You can either set up an auto-open wallet for the source database and copy the auto-open wallet files (both ewallet.p12 and cwallet.sso) to the target environment, or first copy the encryption wallet file (ewallet.p12) to the target environment, and then generate an auto-open wallet from the encryption wallet file.

When provisioning a VDB from an encrypted dSource, if the target environment has other databases that also use TDE, each database should use a different wallet. Please check Oracle documentation on how to set up different wallet locations for different databases. For example, you can use $ORACLE_SID in the DIRECTORY clause of the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora:



  1. Check for any encrypted columns or tablespaces on the source database by using these commands:

    SELECT name, e.encryptionalg algorithm FROM v$tablespace t, v$encrypted_tablespaces e
    WHERE t.ts# = e.ts# and upper(e.encryptedts) = 'YES';
  2. Copy wallet files from the source database to the target environment, and then configure the sqlnet.ora file on the target to point to the directory where the wallet is located. 

    $ more sqlnet.ora
  3. If the source database does not use auto-open wallet, create the auto-open wallet at the target environment. 

    $ orapki wallet create -wallet /opt/oracle/oradata/nf/wallet -auto_login [-pwd password]
  4. Proceed with provisioning the VDB as described in Provisioning an Oracle VDB.

This topic does not apply to vPDBs.