C Troubleshooting Oracle Key Vault

Oracle provides checklists, tips, instructions, and how-tos for common errors to help you smoothly install and deploy Oracle Key Vault.

C.1 Remote Pluggable Database Cloning Issues

Review these troubleshooting tips for scenarios that can occur when remotely cloning a pluggable database (PDB) between source and target systems.

C.1.1 Cloning a PDB Where the Source and Target Databases Both use Oracle Key Vault

TDE keys must be available to both the source and target databases. In Oracle Key Vault, this is done by assigning (sharing) the keys of the source PDB to the target endpoint wallet.

Perform the following steps to share the keys between wallets in the Oracle Key Vault server:

  1. Log in to the Oracle Key Vault management console as an SSH admin user.
  2. In the Keys and Wallets tab, select All Items.
  3. On the Keys & Secrets page, confirm that the source PDB keys are assigned to the target endpoint’s wallet.
  4. If a key is not assigned to any wallet, click the pencil icon for the key.
  5. On the edit page, click Add Wallet Membership, and then select the wallet assigned to the target endpoint.
  6. Click Save.
  7. View the Keys & Secrets page again to verify that the key displays the correct wallet membership.

The above steps do not apply when cloning a PDB within the same database.
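
The following queries are an added example, not part of the Oracle documentation. They show one way to identify, from the database side, which TDE master keys belong to the source PDB before you check their wallet membership in the console, and to confirm the keystore state on each database. The PDB name `SOURCE_PDB` is a placeholder, and the example assumes a session in the CDB root with access to the `V$` views.

```sql
-- Added example. SOURCE_PDB is a placeholder for the name of the PDB being cloned.

-- On the source database: list the TDE master keys for the PDB.
-- KEYSTORE_TYPE shows where each key is stored, and ACTIVATION_TIME
-- shows the order in which the keys were put into use.
SELECT c.name            AS pdb_name,
       k.key_id,
       k.creator_pdbname,
       k.keystore_type,
       k.activation_time
FROM   v$encryption_keys k
       JOIN v$containers c ON c.con_id = k.con_id
WHERE  c.name = 'SOURCE_PDB'
ORDER  BY k.activation_time;

-- On both the source and the target database: confirm the keystore
-- type and that the keystore is open in each container.
SELECT c.name   AS container_name,
       w.wrl_type,
       w.status,
       w.wallet_type
FROM   v$encryption_wallet w
       JOIN v$containers c ON c.con_id = w.con_id
ORDER  BY c.con_id;
```

Every key returned by the first query must be assigned to the target endpoint's wallet, not only the most recently activated one, because data encrypted before a rekey can still depend on an older key.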

C.1.2 Cloning a PDB from an Oracle Key Vault-enabled Database to a non-Oracle Key Vault Database

In this scenario, Oracle Key Vault is configured on the source database but not on the target database.

  1. Create a temporary database and configure it with Oracle Key Vault so that it matches the configuration of the source database.
  2. Clone the PDB from the source database into the temporary database.
  3. Reverse-migrate the temporary database from Oracle Key Vault to a non-Oracle Key Vault keystore.
  4. Clone the PDB from the temporary database into the target (non-Oracle Key Vault) database.
  5. After cloning the PDB, delete the temporary database.

Note:

Do not delete any temporary database wallets from the Oracle Key Vault server even after you complete the cloning.

C.1.3 Cloning a PDB from a non-Oracle Key Vault Database to an Oracle Key Vault-enabled Database

In this scenario, Oracle Key Vault is configured on the target database but not on the source database.

  1. Create a temporary database that matches the configuration of the source database.
  2. Clone the PDB from the source database into the temporary database.
  3. Configure Oracle Key Vault for the temporary database.
  4. Migrate all required TDE keys from the temporary database to Oracle Key Vault.
  5. Clone the PDB from the temporary database to the target database. For more information, see Cloning a PDB Where the Source and Target Databases Both use Oracle Key Vault.
  6. After cloning the PDB, delete the temporary database.

Note:

Do not delete any temporary database wallets from the Oracle Key Vault server even after you complete the cloning.