Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Administration

Integrating TDE with CipherTrust Manager on Oracle 19c Exadata Cloud@Customer (ExaCC) in Data Guard Setup

search
printsuggest an edit

Integrating TDE with CipherTrust Manager on Oracle 19c Exadata Cloud@Customer (ExaCC) in Data Guard Setup

This section outlines the following steps to integrate TDE with the CipherTrust Manager on Oracle 19c Exadata:

copy link to clipboardMigrating from File Wallet to HSM Wallet

copy link to clipboardMigrating Auto-Login File Wallet to Auto-Login HSM Wallet

Perform the following steps to migrate a software-based Auto-Login enabled wallet to an Auto-Login enabled HSM wallet:

  1. On the primary node, execute the following:

    dbaascli tde FileToHSM --dbname <database name> --hsmKeystoreConfigType EXTERNAL_HSM

  2. On the standby node, execute the following:

    dbaascli tde FileToHSM --dbname <database name> --hsmKeystoreConfigType EXTERNAL_HSM --primarySuc True

  3. Rotate the master key

    dbaascli tde rotateMasterKey --dbname <database name> --rotateMasterKeyOnAllPDBs

    Note

    Enter file wallet password to rotate the key

copy link to clipboardMigrating Auto-Login File Wallet with United PDB to Auto-Login HSM Wallet with United PDB

Perform the following steps to migrate a software-based Auto-Login enabled wallet to an Auto-Login enabled HSM wallet:

  1. On the primary node, execute the following:

    dbaascli tde FileToHSM --dbname <database name> --hsmKeystoreConfigType EXTERNAL_HSM

  2. On the standby node, execute the following:

    dbaascli tde FileToHSM --dbname <database name> --hsmKeystoreConfigType EXTERNAL_HSM --primarySuc True

  3. Rotate the master key

    dbaascli tde rotateMasterKey --dbname <database name> --rotateMasterKeyOnAllPDBs

    Note

    Enter file wallet password to rotate the key

copy link to clipboardMigrating back from Auto-login HSM Wallet to Auto login File Wallet

  1. On the primary node, execute the following:

    dbaascli tde hsmToFile --dbname <database name> --hsmKeystoreConfigType EXTERNAL_HSM

  2. On the standby node, execute the following:

    dbaascli tde hsmToFile --dbname <database name> --primarySuc true --standbyBlobFromPrimary /var/opt/oracle/log/reg_tmp_files/<database backup>.tar

On this page