CLI cookbook: Provisioning a TDE-enabled vPDB in a target CDB

This topic describes how to provision a TDE-enabled virtual pluggable database (vPDB) in a target CDB (a linked CDB or existing vCDB) using the command-line interface.

This process applies to Oracle version 12.2.0.1 or later versions. 

Prerequisites

The prerequisites are the same as described in CLI Cookbook: Provisioning a Virtual PDB in a Target CDB, plus the following extra prerequisites: 

  • TDE must be configured for the source container database before it’s linked to the engine.

  • The source PDB must have TDE configured before it’s linked as dSources to Delphix.

  • The keystore file of the source container database must be accessible from the target host. If the target database is running in a RAC environment, the keystore file of the source container database must be accessible from all target nodes.

  • TDE Keystore Password must be set for the target CDB.

  • If the target database is running in a RAC environment, TDE Keystores Root must be set for each node.

In the example CLI provision detailed below, assuming:

  • The source container database TDE Keystore Password is mySrcCdbTdePwd.

  • The source container database keystore file can be accessed from the target host(s) with path /u01/app/oracle/keystores/cdb12/wallet.

  • The vPDB’s TDE Secret for Exported Keys is myVpdbTdeSecret.

For more information about TDE parameters, please refer to Provisioning a TDE-enabled vPDB.

Procedure

After following all steps in the Procedure section of CLI Cookbook: Provisioning a Virtual PDB in a Target CDB to set provision parameters, set TDE-related parameters as follows before the commit: 

  1. Set parentTdeKeystorePath, which is the path used to access the source CDB’s TDE keystore file from the target host(s).

    Copy 
    delphix database provision *> set source.parentTdeKeystorePath=/u01/app/oracle/keystores/cdb12/wallet

  2. Set parentTdeKeystorePassword, which is the password of the source CDB’s TDE keystore.

    Copy 
    delphix database provision *> set source.parentTdeKeystorePassword=mySrcCdbTdePwd

  3. Supply tdeExportedKeyFileSecret, which is the password used for exporting the vPDB’s keys to the keyfile.

    Copy 
    delphix database provision *> set source.tdeExportedKeyFileSecret=myVpdbTdeSecret

  4. After all the parameters are set, initiate the provision by committing the operation in the CLI:

    Copy 
    delphix database provision *> commit