Backup Database Wallet (Password-Based Software Keystores)
A backup of the keystore contains all of the keys in the original keystore. After you complete the backup operation, the keys in the original keystore are marked as "backed up". You can check this in the FULLY_BACKED_UP column of the V$ENCRYPTION_WALLET view:
SQL> select FULLY_BACKED_UP from V$ENCRYPTION_WALLET;
FULLY_BAC
---------
NO
SQL> ADMINISTER KEY MANAGEMENT BACKUP KEYSTORE USING 'Key_bkp' FORCE KEYSTORE IDENTIFIED BY xxxx;
keystore altered.
SQL> select FULLY_BACKED_UP from V$ENCRYPTION_WALLET;
FULLY_BAC
---------
YES
NOTE: If you modify the keystore (for example, modify a key or a secret) and the modification does not exist in the backup copy, the value of the FULLY_BACKED_UP column in V$ENCRYPTION_WALLET changes to NO, even if it was YES before.
Oracle Database prefixes the software keystore password file name with the file creation time stamp in UTC format. If you provide an identifier string, then this string is inserted between the time stamp and keystore name.
ASMCMD> ls DG_TST_DATA/TST1T/wallet/
ewallet_2018111509564248.p12
ewallet_2018111912235902.p12
ewallet_2018112311542812_Key_bkp.p12
ewallet_2018112312011398_Key_bkp.p12
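A check built on the file names in the listing above (an added example, not part of the original page): it parses backup names, finds the newest backup carrying a given identifier, and flags a missing or stale one. It assumes the 16 digits are YYYYMMDDHHMMSS in UTC followed by two fractional-second digits; the function names and the cwallet.sso and ewallet.p12 entries are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Naming pattern seen in the listing above: ewallet_<16 digits>[_<identifier>].p12
# Assumption: the digits are YYYYMMDDHHMMSS (UTC) plus two fractional-second digits.
BACKUP_NAME = re.compile(r"^ewallet_(\d{14})(\d{2})(?:_(.+))?\.p12$")

def parse_backup_name(name):
    """Return (created_utc, identifier or None), or None if not a backup file name."""
    m = BACKUP_NAME.match(name.strip())
    if not m:
        return None
    try:
        created = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that do not form a valid date and time
        return None
    created = created.replace(microsecond=int(m.group(2)) * 10_000, tzinfo=timezone.utc)
    return created, m.group(3)

def latest_backup(names, identifier=None):
    """Newest backup in names; with identifier set, only backups carrying that string."""
    found = []
    for name in names:
        parsed = parse_backup_name(name)
        if parsed and (identifier is None or parsed[1] == identifier):
            found.append((parsed[0], name.strip()))
    return max(found) if found else None

def backup_is_stale(names, now, max_age_hours, identifier=None):
    """True when no matching backup exists or the newest is older than max_age_hours."""
    newest = latest_backup(names, identifier)
    return newest is None or (now - newest[0]).total_seconds() > max_age_hours * 3600

# Backup names copied from the ASMCMD listing above; cwallet.sso and ewallet.p12 are
# constructed entries (auto-login and live keystore) that the parser must skip.
LISTING = """\
cwallet.sso
ewallet.p12
ewallet_2018111509564248.p12
ewallet_2018111912235902.p12
ewallet_2018112311542812_Key_bkp.p12
ewallet_2018112312011398_Key_bkp.p12
""".splitlines()

if __name__ == "__main__":
    created, name = latest_backup(LISTING, identifier="Key_bkp")
    print(name, created.isoformat())
    print("stale:", backup_is_stale(LISTING, datetime(2018, 11, 24, tzinfo=timezone.utc), 24, "Key_bkp"))
```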
You cannot back up auto-login or local auto-login software keystores. No new keys can be added to them directly through the ADMINISTER KEY MANAGEMENT statement operations. The information in these keystores is only read and hence there is no need for a backup.
Syntax
ADMINISTER KEY MANAGEMENT BACKUP KEYSTORE [USING 'backup_identifier']
[FORCE KEYSTORE] IDENTIFIED BY [EXTERNAL STORE | software_keystore_password]
[TO 'keystore_location'];