The initial configuration is :<\/p>\n\n\n\n
- \n
- The source database name is
CDB01<\/code><\/li>\n\n\n\n- The target database name will be
CDB02<\/code><\/li>\n\n\n\n- The
wallet_root<\/code> database parameter on source database,CDB01<\/code>, is set to\/opt\/oracle\/admin\/CDB01\/wallet<\/code><\/li>\n\n\n\n- The
tde_configuration<\/code> parameter on source database,CDB01<\/code>, is set toKEYSTORE_CONFIGURATION=OKV|FILE<\/code>. That means that the keystore is in OKV server and the auto login file is on local filesystem in\/opt\/oracle\/admin\/CDB01\/wallet\/tde<\/code> path.<\/li>\n\n\n\n- The source database is enrolled as an endpoint. A wallet was defined for the
CDB01<\/code> endpoint, and the TDE keys are uploaded in this wallet.<\/li>\n\n\n\n- On
CDB01<\/code> the SYS password is tagged as sys_pwd<\/em><\/li>\n\n\n\n- The endpoint password is tagged as endpoint_pwd<\/em><\/li>\n\n\n\n
- The RESTFul API is installed on the server in the path
$HOME\/okv<\/code><\/li>\n\n\n\n- Finally, the name of the wallet defined in OKV which contains the TDE keys for
CDB01<\/code> database isORA_DB<\/code><\/li>\n<\/ul>\n\n\n\nThe schema is something like this: <\/p>\n\n\n\n
![\"\"](\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png\")
<\/figure>\n\n\n\nThe
CDB01<\/code> database store his keys inORA_DB<\/code> wallet. Normally it has the rights to read\/write in this wallet. At enrol time, we are going to give the rights ro read theORA_DB<\/code> wallet toCDB02<\/code> endpoint (database). <\/p>\n\n\n\nI also use a simple sql script to check the wallet status at the database level:<\/p>\n\n\n
\n[oracle@db ~]$ cat $HOME\/tde.sql\n\nset pages 200\nset line 300\ncol WRL_PARAMETER format a50\ncol status forma a10\ncol pdb_name format a20\nselect pdb_id, pdb_name, guid from dba_pdbs;\nselect * from v$encryption_wallet where con_id != 2;\n\n<\/pre><\/div>\n\n\n
Declare and enrol the endpoint for CDB02<\/h2>\n\n\n\n
The first step is the enrolment of the destination database, CDB02, and grant the rights to read the keys from OKV server.<\/p>\n\n\n\n
Create the destination directory structure for CDB02.<\/p>\n\n\n
\n[oracle@db ~]$ cat $HOME\/okv\/set_okv_rest_env.sh\nexport OKV_RESTCLI_CONFIG=$HOME\/okv\/conf\nexport JAVA_HOME=\/usr\/java\/jdk-11.0.10\nexport OKV_HOME=$HOME\/okv\n\n# source the RESFul API environnement file \n[oracle@db ~]$ source $HOME\/okv\/set_okv_rest_env.sh\n<\/pre><\/div>\n\n\n
Create the database endpoint, for
CDB02<\/code>, using a JSON parameter file:<\/p>\n\n\n\n# create the JSON file for endpoint creation\n[oracle@db ~]$ cat 01.create_endpoint_CDB02.json\n{\n "service" : {\n "category" : "admin",\n "resource" : "endpoint",\n "action" : "create",\n "options" : {\n "endpoint" : "DB_CDB02",\n "description" : "DB server CDB02",\n "platform" : "LINUX64",\n "type" : "ORACLE_DB",\n "strictIpCheck" : "FALSE"\n }\n }\n}\n\n# create the endpoint on OKV\n[oracle@db ~]$ $OKV_HOME\/bin\/okv admin endpoint create --from-json 01.create_endpoint_CDB02.json\n{\n "result" : "Success"\n}\n<\/pre><\/div>\n\n\nEnrol the CDB02 endpoint.<\/p>\n\n\n
\n# create the enroll endpoint JSON file \n[oracle@db ~]$ cat 02.provision_endpoint_CDB02.json\n{\n "service" : {\n "category" : "admin",\n "resource" : "endpoint",\n "action" : "provision",\n "options" : {\n "endpoint" : "DB_CDB02",\n "location" : "\/opt\/oracle\/admin\/CDB02\/wallet\/okv",\n "autoLogin" : "FALSE"\n }\n }\n}\n\n# enroll the endopoint\n[oracle@db ~]$ $OKV_HOME\/bin\/okv admin endpoint provision --from-json 02.provision_endpoint_CDB02.json\nEnter Oracle Key Vault endpoint password: endpoint_pwd\n{\n "result" : "Success"\n}\n<\/pre><\/div>\n\n\nGrant the access to the new
CDB02<\/code> endpoint to read the walletORA_DB<\/code> which keep theCDB01<\/code> TDE keys.<\/p>\n\n\n\n# create the grant access file to the wallet Keeping the source CDB01 Keys. \n[oracle@db ~]$ cat 04_grant_access_wallet_CDB02.json\n{\n "service" : {\n "category" : "manage-access",\n "resource" : "wallet",\n "action" : "add-access",\n "options" : {\n "wallet" : "ORA_DB",\n "endpoint" : "DB_CDB02",\n "access" : "RM_MW"\n }\n }\n}\n\n# grant the access to the ORA_DB wallet for the endpoint.\n[oracle@db ~]$ $OKV_HOME\/bin\/okv manage-access wallet add-access --from-json 04_grant_access_wallet_CDB02.json\n{\n "result" : "Success"\n}\n<\/pre><\/div>\n\n\nCheck that
CDB02<\/code> endpoint can read the keys fromCDB01<\/code> wallet.<\/p>\n\n\n\n# Test \n[oracle@db ~]$ \/opt\/oracle\/admin\/CDB02\/wallet\/okv\/bin\/okvutil list\nEnter Oracle Key Vault endpoint password: endpoint_pwd\nEnter Oracle Key Vault endpoint password:\nUnique ID Type Identifier\n600D0743-01D9-4F2F-BF6F-C9E8AC74FF2A\tSymmetric Key\tTDE Master Encryption Key: TAG CDB:CDB01 MEK first\n6A752388-F93D-4F14-BF35-39E674CAAFED\tSymmetric Key\tTDE Master Encryption Key: TAG REKEY CDB01\nAB294686-1FC4-4FE8-BFAD-F56BAD0A124B\tSymmetric Key\tTDE Master Encryption Key: TAG REKEY CDB01\nBB0CC77A-10AD-4F55-BF0A-9F5A4C7F98C1\tSymmetric Key\tTDE Master Encryption Key: TAG CDB:DBTDEOKV:PDB1 MEK first\n\n<\/pre><\/div>\n\n\n
At this level
okvutil list<\/code> forCDB02<\/code> endpoint, command return the keys available forCDB01<\/code> source database.<\/p>\n\n\n\nClone the CDB01 to CDB02<\/h2>\n\n\n\n
Create an temporary init file with the TDE OKV parameters.<\/p>\n\n\n
\n[oracle@db ~]$ cat \/tmp\/init.ora\ndb_name='CDB02'\nwallet_root='\/opt\/oracle\/admin\/CDB02\/wallet'\ntde_configuration='KEYSTORE_CONFIGURATION=OKV|FILE';\nenable_pluggable_database=true\n<\/pre><\/div>\n\n\n
Copy the Oracle password file
\/opt\/oracle\/product\/19c\/dbhome_1\/dbs\/orapwdCDB01<\/code> to\/opt\/oracle\/product\/19c\/dbhome_1\/dbs\/orapdwCDB02<\/code>.<\/p>\n\n\n\nAdd the
CDB02<\/code> as static identifier to the listener.<\/p>\n\n\n\n[oracle@db ~]$ cat $ORACLE_HOME\/network\/admin\/listener.ora\nLISTENER = (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=db.sub05191447261.vcn01.oraclevcn.com)(PORT=1521)))\n\nSID_LIST_LISTENER=\n(SID_LIST=\n.....\n (SID_DESC=\n (GLOBAL_DBNAME=CDB02)\n (SID_NAME=CDB02)\n (ORACLE_HOME=\/opt\/oracle\/product\/19c\/dbhome_1)\n )\n)\n\n# restart the listener\n[oracle@db ~]$ lsnrctl start listener\n.....\nServices Summary...\nService "CDB01" has 1 instance(s).\n Instance "CDB01", status UNKNOWN, has 1 handler(s) for this service...\nService "CDB02" has 1 instance(s).\n Instance "CDB02", status UNKNOWN, has 1 handler(s) for this service...\nThe command completed successfully\n<\/pre><\/div>\n\n\n
Set the
CDB02<\/code> environnement and start the database using the temporary init file.<\/p>\n\n\n\n[oracle@db ~]$ . oraenv <<< CDB02\n\n[oracle@db ~]$ sqlplus \/ as sysdba\nSQL> startup nomount pfile='\/tmp\/init.ora'\nSQL> exit;\n\n[oracle@db ~]$ rman target sys\/sys_pwd@CDB01 auxiliary sys\/sys_pwd@CDB02\n\nconnected to target database: CDB01 (DBID=1690718290)\nconnected to auxiliary database: CDB02 (not mounted)\n\nRMAN> run {\n allocate auxiliary channel aux1 device type disk;\n allocate auxiliary channel aux2 device type disk;\n\n duplicate target database to CDB02 from active database\n SPFILE \n PARAMETER_VALUE_CONVERT 'CDB01' 'CDB02'\n NOFILENAMECHECK;\n}\n\nusing target database control file instead of recovery catalog\nallocated channel: aux1\nchannel aux1: SID=180 device type=DISK\n\nallocated channel: aux2\nchannel aux2: SID=21 device type=DISK\n\nStarting Duplicate Db at 26-MAR-24\ncurrent log archived\n\ncontents of Memory Script:\n{\n restore clone from service 'CDB01' spfile to\n '\/opt\/oracle\/product\/19c\/dbhome_1\/dbs\/spfileCDB02.ora';\n sql clone "alter system set spfile= ''\/opt\/oracle\/product\/19c\/dbhome_1\/dbs\/spfileCDB02.ora''";\n}\n.....\ncontents of Memory Script:\n{\n Alter clone database open resetlogs;\n}\nexecuting Memory Script\n\ndatabase opened\n\ncontents of Memory Script:\n{\n sql clone "alter pluggable database all open";\n}\nexecuting Memory Script\n\nsql statement: alter pluggable database all open\nFinished Duplicate Db at 26-MAR-24\n\n<\/pre><\/div>\n\n\nThe clone is finished. Test the WALLET configuration<\/p>\n\n\n
\n[oracle@db ~]$ . oraenv <<< CDB02\n\n[oracle@db ~]$ sqlplus \/ as sysdba\n\nSQL> @$HOME\/tde\n\n PDB_ID PDB_NAME\t\tGUID\n---------- -------------------- --------------------------------\n\t 3 PDB01\t\t0AE3AEC4EE5ACDB1E063A001A8ACB8BB\n\t 2 PDB$SEED\t\t0AE38C7FF01EC651E063A001A8AC821E\n\n\nWRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID\n--------- ------------------------------------- -------------- ------------ --------- -------- --------- ----------\nFILE \/opt\/oracle\/admin\/CDB02\/wallet\/tde\/ NOT_AVAILABLE UNKNOWN SINGLE NONE UNDEFINED 1\nOKV CLOSED UNKNOWN SINGLE NONE UNDEFINED 1\nFILE NOT_AVAILABLE UNKNOWN SINGLE UNITED UNDEFINED 3\nOKV CLOSED UNKNOWN SINGLE UNITED UNDEFINED 3\n\n-- the wallet is closed. Open it: \n\nSQL> administer key management set keystore open identified by "endpoint_pwd" container=all;\n\nkeystore altered.\n\nSQL> @$HOME\/tde\n\n PDB_ID PDB_NAME\t\tGUID\n---------- -------------------- --------------------------------\n\t 3 PDB01\t\t0AE3AEC4EE5ACDB1E063A001A8ACB8BB\n\t 2 PDB$SEED\t\t0AE38C7FF01EC651E063A001A8AC821E\n\n\nWRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID\n--------- ------------------------------------ ---------- -------------- --------- -------- --------- ----------\nFILE \/opt\/oracle\/admin\/CDB02\/wallet\/tde\/ OPEN_NO_MA AUTOLOGIN SINGLE NONE UNDEFINED 1\n STER_KEY\nOKV OPEN OKV SINGLE NONE UNDEFINED 1\nFILE OPEN_NO_MA AUTOLOGIN SINGLE UNITED UNDEFINED 3\n STER_KEY\nOKV OPEN OKV SINGLE UNITED UNDEFINED 3\n<\/pre><\/div>\n\n\n
Finally create the auto login wallet, and restart the cloned database to validate the configuration.<\/p>\n\n\n
\n[oracle@db ~]$ . oraenv <<< CDB02\n\n[oracle@db ~]$ sqlplus \/ as sysdba\n-- "OKV_PASSWORD" is used to open the wallet. \n-- "HSM_PASSWORD" is used to access the OKV server(s).\nSQL> ADMINISTER KEY MANAGEMENT ADD SECRET 'endpoint_pwd' FOR CLIENT 'HSM_PASSWORD' TO AUTO_LOGIN KEYSTORE '\/opt\/oracle\/admin\/CDB02\/wallet\/tde';\n\n-- check that the autologin wallet was created \nSQL> !ls \/opt\/oracle\/admin\/CDB02\/wallet\/tde\ncwallet.sso \n\nSQL> startup force\n\nSQL> show pdbs\n\n CON_ID CON_NAME\t\t\t OPEN MODE RESTRICTED\n---------- ------------------------------ ---------- ----------\n\t 2 PDB$SEED\t\t\t READ ONLY NO\n\t 3 PDB01\t\t\t MOUNTED\n\nSQL> alter pluggable database PDB01 open;\n\nPluggable database altered.\n\nSQL> @$HOME\/tde\n\n PDB_ID PDB_NAME\t\tGUID\n---------- -------------------- --------------------------------\n\t 3 PDB01\t\t0AE3AEC4EE5ACDB1E063A001A8ACB8BB\n\t 2 PDB$SEED\t\t0AE38C7FF01EC651E063A001A8AC821E\n\n\nWRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID\n--------- ------------------------------------ ---------- -------------- --------- -------- --------- ----------\nFILE \/opt\/oracle\/admin\/CDB02\/wallet\/tde\/ OPEN_NO_MA AUTOLOGIN SINGLE NONE UNDEFINED 1\n STER_KEY\nOKV OPEN OKV SINGLE NONE UNDEFINED 1\nFILE OPEN_NO_MA AUTOLOGIN SINGLE UNITED UNDEFINED 3\n STER_KEY\nOKV OPEN OKV SINGLE UNITED UNDEFINED 3\n<\/pre><\/div>\n\n\n
All PDB are correctly opened and the wallet are opened too.<\/p>\n\n\n\n
Conclusion<\/h2>\n\n\n\n
The clone process can be fully automatised, and no wallet file must be transfered between the source and the destination server. With the keys in OKV the clone process is identically as withouth OKV. Keeping the keys in OKV is more secure as the principle “Zero touch keys” is respected, and DBA do not manipulate the keys.<\/p>\n\n\n\n
Finally if we want to configure the database
CDB02<\/code> to use another keys as the keys fromCDB01<\/code>, we can execute a REKEY operation.<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
How to clone an Oracle Database which is configured to store the TDE (encryption keys) in the Oracle Key Vault (OKV)<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[198,59,149],"tags":[3153,96],"type_dbi":[],"class_list":["post-32117","post","type-post","status-publish","format-standard","hentry","category-database-management","category-oracle","category-security","tag-okv","tag-oracle"],"acf":[],"yoast_head":"\n
Clone Oracle Database configured with Oracle Key Vault (OKV) - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Clone Oracle Database configured with Oracle Key Vault (OKV)\" \/>\n<meta property=\"og:description\" content=\"How to clone an Oracle Database which is configured to store the TDE (encryption keys) in the Oracle Key Vault (OKV)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-27T16:29:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-24T09:42:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png\" \/>\n\t<meta property=\"og:image:width\" content=\"672\" \/>\n\t<meta property=\"og:image:height\" content=\"552\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Oracle Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oracle Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/\"},\"author\":{\"name\":\"Oracle Team\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"headline\":\"Clone Oracle Database configured with Oracle Key Vault (OKV)\",\"datePublished\":\"2024-03-27T16:29:34+00:00\",\"dateModified\":\"2025-01-24T09:42:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/\"},\"wordCount\":532,\"commentCount\":3,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png\",\"keywords\":[\"OKV\",\"Oracle\"],\"articleSection\":[\"Database management\",\"Oracle\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/\",\"name\":\"Clone Oracle Database configured with Oracle Key Vault (OKV) - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png\",\"datePublished\":\"2024-03-27T16:29:34+00:00\",\"dateModified\":\"2025-01-24T09:42:07+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png\",\"width\":672,\"height\":552},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Clone Oracle Database configured with Oracle Key Vault (OKV)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\",\"name\":\"Oracle Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"caption\":\"Oracle Team\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Clone Oracle Database configured with Oracle Key Vault (OKV) - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/","og_locale":"en_US","og_type":"article","og_title":"Clone Oracle Database configured with Oracle Key Vault (OKV)","og_description":"How to clone an Oracle Database which is configured to store the TDE (encryption keys) in the Oracle Key Vault (OKV)","og_url":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/","og_site_name":"dbi Blog","article_published_time":"2024-03-27T16:29:34+00:00","article_modified_time":"2025-01-24T09:42:07+00:00","og_image":[{"width":672,"height":552,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png","type":"image\/png"}],"author":"Oracle Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oracle Team","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/"},"author":{"name":"Oracle Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"headline":"Clone Oracle Database configured with Oracle Key Vault (OKV)","datePublished":"2024-03-27T16:29:34+00:00","dateModified":"2025-01-24T09:42:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/"},"wordCount":532,"commentCount":3,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png","keywords":["OKV","Oracle"],"articleSection":["Database management","Oracle","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/","url":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/","name":"Clone Oracle Database configured with Oracle Key Vault (OKV) - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png","datePublished":"2024-03-27T16:29:34+00:00","dateModified":"2025-01-24T09:42:07+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/2024-03-27_17-43-51.png","width":672,"height":552},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/clone-oracle-database-configured-with-oracle-key-vault-okv\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Clone Oracle Database configured with Oracle Key Vault (OKV)"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee","name":"Oracle Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","caption":"Oracle Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/32117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=32117"}],"version-history":[{"count":10,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/32117\/revisions"}],"predecessor-version":[{"id":36865,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/32117\/revisions\/36865"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=32117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=32117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=32117"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=32117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} - The target database name will be