Sunday, 9 October 2016

Steps to get TDE Master Key In Physical standby for oracle database 12C with RAC & ASM

INTRODUCTION

Recently I was facing difficulty to make available  Transparent Database Encryption Master  Key in Physical Standby Environment for Oracle database 12C where both Source and target is RAC and using ASM. Describing below simple steps to achieve the same.

1) Steps on the Primary:

        a) Use 'orapki' and create an empty wallet:

$ orapki wallet create -wallet /tmp/primary   (ewallet.p12  will get create)

b) Merge Existing Key with empty wallet

               SQL> administer key management merge keystore 
                        '+DATA/PRIMARY_DB_NAME/wallet/' identified by "Welcome1" INTO existing 
                        keystore  '/tmp/primary' identified by "Welcome1" with backup;

c) check the wallet with 'orapki'

$ orapki wallet display -wallet /tmp/primary

d) Transfer Primary wallet to standby:

$ scp /tmp/primary/ewallet.p12  oracle@standby:/tmp/primary/ewallet.p12

2) Steps on Standby:

     a) Ensure Primary Keys are available on temp location:

$ ls -l /tmp/primary/ewallet.p12

     b) Create a wallet on Standby:

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 
                        '+DATA/STANDBY_DB_NAME/wallet' IDENTIFIED BY Welcome1;

     c) Open the Wallet:

            SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY 
                      Welcome1;

     d) Merge Primary Master Key to Standby Wallet

            SQL> administer key management merge keystore '/tmp/primary' identified by "Welcome1" INTO existing keystore '+DATA/STANDBY_DB_NAME/wallet' identified by "Welcome1" with backup;

     e) Start recovery on standby, MRP process will start applying logs.


Posted by at No comments:
Subscribe to: Posts (Atom)