Saturday, August 12, 2023

Oracle RDBMS 12.2: Backup a keystore

 A quick blog on how to backup a keystore in oracle RDBMS version 12.2

I refered to 19c document, but it is still valid in 12.2

url: oracle tde backup link


Example command:

ADMINISTER KEY MANAGEMENT BACKUP KEYSTORE 
USING 'hr.emp_keystore' 
FORCE KEYSTORE 
IDENTIFIED BY software_keystore_password
TO '/etc/ORACLE/KEYSTORE/DB1/';

Actual command:

SQL> ADMINISTER KEY MANAGEMENT BACKUP KEYSTORE
USING 'rman_lvl0_tde_key_12aug23'
FORCE KEYSTORE
IDENTIFIED BY "oracle"
TO '/oraarch/GGSRC03T/TDEBackup/';  2    3    4    5
ADMINISTER KEY MANAGEMENT BACKUP KEYSTORE
*
ERROR at line 1:
ORA-46626: cannot create a backup of the keystore

SQL> !oerr ora 46626
46626, 00000, "cannot create a backup of the keystore"
// *Cause: The backup of the keystore could not be created.
// *Action: Check the trace file for more information and try again.


>>>>>> I missed to create the necessary directory

SQL> !mkdir -p /oraarch/GGSRC03T/TDEBackup/


SQL> ADMINISTER KEY MANAGEMENT BACKUP KEYSTORE
USING 'rman_lvl0_tde_key_12aug23'
FORCE KEYSTORE
IDENTIFIED BY "oracle"
TO '/oraarch/GGSRC03T/TDEBackup/';  2    3    4    5
keystore altered.
SQL>

SQL> !ls -altr /oraarch/GGSRC03T/TDEBackup/
total 4
drwxr-x---. 6 oracle oinstall   75 Aug 12 12:37 ..
-rw-------. 1 oracle oinstall 3848 Aug 12 12:37 ewallet_2023081211374128_rman_lvl0_tde_key_12aug23.p12
drwxr-xr-x. 2 oracle oinstall   68 Aug 12 12:37 .

The keystore is backed up in the directory we requested for.
This is important we backup the keystore with DB backup regularly or atleast when we change the master key. Otherwise the DB backup can never be used in restore/recovery.

Thanks

at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Troubleshooting the “Cannot Generate SSPI Context” Error After SQL Server Migration

  Introduction After a recent  SQL Server migration from 2012 to 2022 , our team encountered a classic authentication issue: The target prin...