Oracle Database Backup is encrypted. Encryption can protect Backup files and prevent backup data leakage.
Oracle backup encryption mainly refers to RMAN encryption, and EXP/EXPDP encryption is not available.
RMAN encryption mainly includes the following methods:
1. Password mode Encryption
RMAN> set encryption on identified by "PASSWORD" ONLY;
RMAN> backup as compressed backupset database format 'd: \ oracle \ backup \ full _ % D _ % T _ % t _ % s' tag = 'fullbak ';
In this case, an error is reported when you recover the database. You must specify a password to continue.
RMAN> set decryption identified by "PASSWORD ";
2. transparent data encryption mode:
Wallet is required for transparent database encryption mode,
Wallet Configuration:
1. Update the sqlnet. ora file to include an ENCRYPTED_WALLET_LOCATION entry.
Open sqlnet. ora in the $ ORACLE_HOME/network/admin directory and add the following entries:
ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = D: \ oracle \ product \ 10.2.0 \ db_1 \ admin )))
Specifies the directory created by the universal encryption key.
2. Create a universal encryption key
Sqlplus/nolog
Connect/as sysdba
Alter system set key identified by "welcome1 ";
You need to re-open the key after shutting down the database.
Alter database set wallet open identified by "welcome1"
After the wallet is created, you can use the Wallet option to back up the rman backup.
RMAN> configure encryption for database on;
RMAN> set encryption on;
RMAN> backup as compressed backupset database format 'd: \ oracle \ backup \ full _ % D _ % T _ % t _ % s' tag = 'fullbak ';
If the wallet function is disabled during restoration, an error is returned. You must enable the wallet function first;
3 Mixed Mode:
In hybrid mode, both the Wallet and password are enabled. In local mode, the Wallet is used again. In remote recovery, the password must be restored.
Mixed Mode password settings:
RMAN> set encryption on indentified by "PASSWORD ";