How do I prevent the Oracle TDE wallet from being backed up on the same tape as the RMAN database backups when using Oracle Secure Backup?
RMAN only adds database files, redo-logs etc. to the backup file, and thus there is no risk of the encryption wallet or the auto-open wallet becoming part of a database backup. Oracle Secure Backup (OSB) uses datasets to define which operating system files to add to a backup. OSB automatically excludes auto-open wallets (‘cwallet.sso’). Encryption wallets (‘ewallet.p12’) are NOT automatically excluded; you need to use the exclude dataset statement to specify what files to skip during a backup: exclude name *.p12 • Best practices for wallet backup Backup the Oracle wallet right after creating it, and each time it’s content changes, for example due to a master key re-key operation, and each time you change the wallet password. Always store the wallet (encrypted or (local) auto-open) away from your database backups.
