Skip to content
Advertisements

RMAN Password encryption

 
You want to encrypt the backups made with RMAN in order to meet your organization’s security guidelines.By default,all RMAN backups are unencrypted but you can encrypt any RMAN backup in the form of a backup set.You can encrypt sets in two ways transparent encryption and password encryption.Here I’m going to show How to configure Password encryption.

Password Encryption :

RMAN perform encrypted backups by using the set encryption command. This method is called password encryption of backups since the DBA must provide a password both for creating an encrypted backup and for restoring an encrypted backup.

RMAN> set encryption on identified by azar only;

executing command: SET encryption

Here I choosed one tablespace for encryption.

RMAN> configure encryption for tablespace users on;

tablespace USERS will be encrypted in future backup sets
new RMAN configuration parameters are successfully stored

RMAN> backup tablespace users;

Starting backup at 05-JUN-10
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backupset
channel ORA_DISK_1: specifying datafile(s) in backupset
input datafile fno=00004 name=/home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: starting piece 1 at 05-JUN-10
channel ORA_DISK_1: finished piece 1 at 05-JUN-10
piece handle=/home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp tag=TAG20100605T154958 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 05-JUN-10

RMAN> sql ‘alter tablespace users offline’;

sql statement: alter tablespace users offline

RMAN> restore tablespace users;

Starting restore at 05-JUN-10
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=148 devtype=DISK

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 06/05/2010 15:55:29
ORA-19870: error reading backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
ORA-19913: unable to decrypt backup

So we need to set decryption.

RMAN> set decryption  identified by azar;

executing command: SET decryption

RMAN> restore tablespace users;

Starting restore at 05-JUN-10
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
channel ORA_DISK_1: restored backup piece 1
piece handle=/home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp tag=TAG20100605T154958
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 05-JUN-10

RMAN> recover tablespace users;

Starting recover at 05-JUN-10
using channel ORA_DISK_1

starting media recovery
media recovery complete, elapsed time: 00:00:02

Finished recover at 05-JUN-10

RMAN> sql ‘alter tablespace users online’;

sql statement: alter tablespace users online

RMAN>

Advertisements
2 Comments Post a comment
  1. I have tested, nice article. Congratulation.

    June 7, 2010
    • Thank you Mr.Ulfat, You’re welcome.

      June 7, 2010

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: