RMAN Encrypted Backup

For improved security, RMAN backups can be encrypted. Encrypted backups cannot be read by unauthorized persons. A password or wallet is required to return from Backup.

If your backups are accessible to others, your backups must be encrypted. Otherwise, your backups can be used by malicious people and all your data may be sent to other people or companies.

Rman Backup Encryption Types

With Rman, two types of backups can be encrypted:

  1. Global Encryption using Wallet
  2. Backup Specific Encryption

Global Encryption using Wallet

This option provides global security. All backups will be encrypted.

The steps required for this process are listed below.

First you need to create the wallet directory. After setting $ORACLE_BASE, create a directory named wallet under the directory $ORACLE_BASE/admin/<database_name>.

with oracle:

Set the password with SYS as follows:

NOTE: You can use the following command to activate the wallet when the database restarts. Backups will not be encrypted unless wallet is activated.

Specify that backups will be encrypted via Rman:

Backup Specific Encryption

With this option, only the corresponding backup will be encrypted. The problem with this option is that the password is clearly shown because the password required for encryption will be sent during the process. When you write the password in the script, a person with access to the operating system can retrieve the password and restore the database.

With Rman or in the script you can set the password with the command below and start the backup.

If you start a backup after executing the above script, the backup will be encrypted.

Cancellation of Backup Encryption

If you do not need encryption for backup, you can cancel it with the command below.

Encryption Algorithms

By default, Rman uses the AES128 algorithm for encryption. If you wish, you can change this algorithm as follows.

The available algorithms are available in the V$RMAN_ENCRYPTION_ALGORITHMS view.

Author: dbtut

We are a team with over 10 years of database management and BI experience. Our Expertises: Oracle, SQL Server, PostgreSQL, MySQL, MongoDB, Elasticsearch, Kibana, Grafana.

Leave a Reply

Your email address will not be published. Required fields are marked *