My Oracle Support Banner

Migration of File based TDE to OKV for Gen 2 ExaDB-C@C Using REST (Doc ID 2828575.1)

Last updated on JULY 17, 2023

Applies to:

Oracle Database - Enterprise Edition - Version 12.1.0.2 and later
Gen 2 Exadata Cloud at Customer - Version All Versions and later
Oracle Key Vault - Version 21.1.0.0 and later
Linux x86-64

Goal

The purpose of this doc is to provide step-by-step instructions on how to migrate Gen 2 Exadata Database Service on Cloud at Customer (ExaDB-C@C) File based TDE to Oracle Key Vault (OKV) using REST for RDBMS versions 12.1 and 19c Gen 2 ExaDB-C@C databases. REST for OKV management provides the capability to script wallet and endpoint deployments and also implement OKV endpoint software installs.

 

 

CDB/PDB isolated keystore mode is not supported on BaseDB, ExaDB-D, and ExaDB-C@C cloud services.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
  Overview
 Step 1) Setup OKV_HOME (WALLET_ROOT) directories for each endpoint (All Nodes):
 Step 2) Download RESTFul Service Utility (All Nodes):
 Step 3) Update okv wrapper script (All Nodes):
 Step 4) Update okvrestcli.ini (All Nodes):
 Step 5) Create Wallet, Endpoints and Install Endpoint Client Software:
 Step 6) Copy Current TDE Wallets to OKV_HOME/tde:
 Step 7) Upload Wallet (One Node Only):
 Step 8) Add Secrets:
 Step 9) Database Initialization Parameters (18c and up):
 Step 10) For 12.1 Databases, update sqlnet.ora (All Nodes) and RAC Environment variables:
 Step 11) Migrate Keys (One node):
 Step 12) Verify Wallet Status:
 Step 13) Update CREG (All nodes):
 Automation:
 Known Issues/Troubleshooting:
 TDE and OKV Endpoint Client Passwords Are Different:
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.