RMAN Password encryption
You want to encrypt the backups made with RMAN in order to meet your organization’s security guidelines.By default,all RMAN backups are unencrypted but you can encrypt any RMAN backup in the form of a backup set.You can encrypt sets in two ways transparent encryption and password encryption.Here I’m going to show How to configure Password encryption.
Password Encryption :
RMAN perform encrypted backups by using the set encryption command. This method is called password encryption of backups since the DBA must provide a password both for creating an encrypted backup and for restoring an encrypted backup.
RMAN> set encryption on identified by azar only;
executing command: SET encryption
Here I choosed one tablespace for encryption.
RMAN> configure encryption for tablespace users on;
tablespace USERS will be encrypted in future backup sets
new RMAN configuration parameters are successfully stored
RMAN> backup tablespace users;
Starting backup at 05-JUN-10
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backupset
channel ORA_DISK_1: specifying datafile(s) in backupset
input datafile fno=00004 name=/home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: starting piece 1 at 05-JUN-10
channel ORA_DISK_1: finished piece 1 at 05-JUN-10
piece handle=/home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp tag=TAG20100605T154958 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 05-JUN-10
RMAN> sql ‘alter tablespace users offline’;
sql statement: alter tablespace users offline
RMAN> restore tablespace users;
Starting restore at 05-JUN-10
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=148 devtype=DISK
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 06/05/2010 15:55:29
ORA-19870: error reading backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
ORA-19913: unable to decrypt backup
So we need to set decryption.
RMAN> set decryption identified by azar;
executing command: SET decryption
RMAN> restore tablespace users;
Starting restore at 05-JUN-10
using channel ORA_DISK_1
channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
channel ORA_DISK_1: restored backup piece 1
piece handle=/home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp tag=TAG20100605T154958
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 05-JUN-10
RMAN> recover tablespace users;
Starting recover at 05-JUN-10
using channel ORA_DISK_1
starting media recovery
media recovery complete, elapsed time: 00:00:02
Finished recover at 05-JUN-10
RMAN> sql ‘alter tablespace users online’;
sql statement: alter tablespace users online
RMAN>
DBA 