Migration of File based TDE to OKV for Gen 2 ExaDB-C@C Using REST Automation for 12.1 RDBMS (Doc ID 2888702.1)

Last updated on JUNE 13, 2023

Applies to:

Oracle Database - Enterprise Edition - Version 12.1.0.2 to 12.1.0.2 [Release 12.1]
Oracle Key Vault - Version 21.1.0.0 to 21.4.0.0
Gen 2 Exadata Cloud at Customer - Version All Versions to All Versions [Release All Releases]
Linux x86-64

Goal

The goal of this doc is to provide step-by-step instructions on how to migrate Gen 2 Exadata Database Service on Cloud at Customer (ExaDB-C@C) File based TDE to Oracle Key Vault (OKV) using REST for RDBMS version 12.1 Gen 2 ExaDB-C@C databases. REST for OKV management provides the capability to script wallet and endpoint deployment and endpoint software installs.

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Step 1) Verify dbaastools and dbcs-agent versions (All Nodes):

Step 2) Run the OKV Automation Script (First Run – Lead Node Only):

Step 3) Create Client Wallet and Update okvrestcli.ini (One Node):

Step 4) Run the OKV Automation Script (Second Run):

Step 5) Run the OKV Deployment Scripts:

Step 6) Copy Current TDE Wallets to OKV_HOME/tde (One Node Only):

Step 7) Upload Wallet (One Node Only):

Step 8) Add Secret (One Node Only):

Step 9) Update sqlnet.ora (All Nodes) and RAC Environment variables (One Node):

Step 10) Migrate Keys (One Node Only):

Step 11) Update CREG (All nodes):

Known Issues/Troubleshooting:

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.