Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles
New Oracle Articles


 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security

 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote s
upport
 Remote plans
 Remote
services
 Application Server

 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S
upport  
 Development  

 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


 Oracle Posters
 Oracle Books

 Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 

 
 

 expdp encrypted export tips

Oracle Database Tips by Donald BurlesonMarch 18, 2015

Question:  How do I make an encrypted export job?  I'm using a data pump export (expdp) and I want to hide the password and data.

Answer:  Data Pump allows the export to be done in encrypted mode. This mode allows having the encrypted columns maintained in the dump file. There are different modes of the encryption available, i.e. dual, transparent and password. Also, you can decide where the encryption mode should be applied; for example, to the entire data and metadata (all), just the metadata (metadata_only) or none.

The encryption modes of dual and transparent require the Oracle Wallet to be open and available and need the compatible mode of the database to be set to 11.0.0.  The simplest mode is the password mode which needs the password to be supplied at the time of the export and the same password is needed with the import. Failing would lead to the import's failure.  Encryption requires the Advanced Security license option.

Data Pump has the following encryption parameters:

  • encryption:  Is used to encrypt data before writing it to the dump file and accepts five values

  • all:  Enables encryption for both data and metadata of the exported objects

  • data_only:  Enables encryption for only data that is exported

  • encrypted_columns_only:  Enables encryption only for encrypted columns

  • metadata_only:  Enables encryption of the metadata of the exported objects

  • none:  Disables encryption of the data and metadata of the exported objects

  • encryption algorithm:  Specifies the algorithm for the encryption and accepts three algorithms:

    • AES128:  The default value

    • AES192

    • AES256

  • encryption_mode:  Specifies the type of security and accepts the following values:

    • password:  Required to provide a password to encrypt the dump file

    • transparent:  Requires a wallet to use

    • dual:  Creates a dump file which might be imported using both the above mentioned modes

    • encryption_password:  Is used to provide a password for the dump file and differs between Oracle 10g and 11g. If this parameter is used, then the encryption parameter's default value becomes ALL. If both parameters are omitted, then the encryption parameter is set to NONE. 

In the following example, use all parameters to export data that is encrypted and password provided using the AES256 algorithm mode:

expdp usr1/usr1 dumpfile=dp_dir:test.dmp logfile=dp_dir:test.log encryption=all encryption_mode=password encryption_password=test encryption_algorithm=aes256 tables='tbl_test';

When you try to import the dump file without providing any password, you get the following error:

impdp usr2/usr2 remap_schema=usr1:usr2 dumpfile=dp_dir:test.dmp logfile=dp_dir:log.dmp

ORA-39002: invalid operation
ORA-39174: Encryption password must be supplied.

However, by supplying the correct password, you are able to import the object:

impdp usr2/usr2 remap_schema=usr1:usr2 dumpfile=dp_dir:test.dmp logfile=dp_dir:log.log encryption_password=test


 
 
 
Get the Complete
Oracle Utility Information 

The landmark book "Advanced Oracle Utilities The Definitive Reference"  contains over 600 pages of filled with valuable information on Oracle's secret utilities. This book includes scripts and tools to hypercharge Oracle 11g performance and you can buy it for 30% off directly from the publisher.
 


 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright © 1996 -  2017

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.

Remote Emergency Support provided by Conversational

 

 

��  
 
 
Oracle Training at Sea
 
 
 
 
oracle dba poster
 

 
Follow us on Twitter 
 
Oracle performance tuning software 
 
Oracle Linux poster