假设keystore和master encryption key已经配置好了,此过程略。
先从一个已经加密的数据库jiamipdb克隆一个用于实验的PDB,即jiemipdb:
-- 源库有key store
create pluggable database jiemipdb from jiamipdb keystore identified by keypwd;
此克隆会将源PDB的users表空间的8个数据文件全部拷贝过来。170GB+,时间还是蛮快的:
Pluggable database created.
Elapsed: 00:01:32.70
SQL> col bytes for 999,999,999,999,999
SQL> select ts#,BYTES from v$datafile;
TS# BYTES
---------- --------------------
0 408,944,640
1 534,773,760
2 246,415,360
5 15,861,022,720
5 24,641,536,000
5 24,431,820,800
5 24,746,393,600
5 25,480,396,800
5 25,060,966,400
5 24,641,536,000
5 23,802,675,200
11 rows selected.
SQL> select sum(bytes)/1024/1024/1024 from v$datafile where ts#=5;
SUM(BYTES)/1024/1024/1024
-------------------------
175.709229
打开PDB。查看状态:
SQL> alter session set container=jiemipdb;
Session altered.
SQL> SELECT STATUS FROM V$ENCRYPTION_WALLET;
STATUS
------------------------------
CLOSED
开始表空间离线解密:
SQL> ALTER TABLESPACE users OFFLINE NORMAL;
Tablespace altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY keypwd;
keystore altered.
SQL> SELECT STATUS FROM V$ENCRYPTION_WALLET;
STATUS
------------------------------
OPEN
-- 解密耗时Elapsed: 00:14:20.66
SQL> ALTER TABLESPACE users ENCRYPTION OFFLINE DECRYPT;
Tablespace altered.
-- 加密耗时Elapsed: 00:18:54.19
SQL> ALTER TABLESPACE users ENCRYPTION OFFLINE ENCRYPT;
Tablespace altered.
-- 解密耗时Elapsed: 00:17:15.31
SQL> ALTER TABLESPACE users ENCRYPTION OFFLINE DECRYPT;
Tablespace altered.
SQL> ALTER TABLESPACE users ONLINE;
Tablespace altered.
解密完成了,查看状态,应该没有输出才对:
SQL> select TS#, ENCRYPTIONALG, ENCRYPTEDTS, STATUS, CON_ID from V$ENCRYPTED_TABLESPACES;
no rows selected