Encrypt Data While Exporting to Object Storage
You can encrypt table data while exporting to Object Storage.
Use the format
parameter and the
encryption
option with DBMS_CLOUD.EXPORT_DATA
to encrypt data when you export
from Autonomous Database to Object
Storage.
Note the following when you export encrypted data to Object Storage:
-
The
encryption
option is only supported when exporting data from Autonomous Database to Object Storage as CSV, JSON, or XML. -
When the export includes both encryption and compression, the order of operations is: first the data is compressed, next the data is encrypted, and then it is uploaded to Object Storage.
-
There are two supported encryption methods:
-
Using a user-defined function.
-
Using a
DBMS_CRYPTO
specified encryption algorithm.See DBMS_CRYPTO for information on the cryptographic functions and procedures for encryption and decryption.
-
Topics
- Encrypt Data Using DBMS_CRYPTO Encryption Algorithms
Shows the steps to encrypt data usingDBMS_CRYPTO
encryption algorithms while exporting to Cloud Object Storage. - Encrypt Data with a User Defined Encryption Function
Shows the steps to encrypt data using a user-defined encryption function while exporting to Cloud Object Storage.
Encrypt Data Using DBMS_CRYPTO Encryption Algorithms
Shows the
steps to encrypt data using DBMS_CRYPTO
encryption algorithms while exporting
to Cloud Object Storage.
Perform the following steps to encrypt data while exporting to Cloud Object Storage (this example exports table data to a CSV file):
After you encrypt files with DBMS_CLOUD.EXPORT_DATA
, when you use DBMS_CRYPTO
encryption algorithms to encrypt the files, you have these options for using or importing
the files you exported:
-
You can use
DBMS_CLOUD.COPY_DATA
orDBMS_CLOUD.COPY_COLLECTION
with the same encryption algorithm options and the key to decrypt the files.See Decrypt and Load Data Using DBMS_CRYPTO Algorithms for more information.
-
You can query the data in an external table by supplying the same encryption algorithm options and the key to decrypt the files, with any of the following procedures:
-
DBMS_CLOUD.CREATE_EXTERNAL_TABLE
-
DBMS_CLOUD.CREATE_EXTERNAL_PART_TABLE
-
DBMS_CLOUD.CREATE_HYBRID_PART_TABLE
For
DBMS_CLOUD.CREATE_HYBRID_PART_TABLE
this option is only applicable to the Object Storage files.
See Decrypt and Load Data Using DBMS_CRYPTO Algorithms for more information.
-
-
On a system that is not an Autonomous Database you can use the
DBMS_CRYPTO
package with the same algorithm options and the key to decrypt the files.Note that the key is stored as a
VARCHAR2
in the credential in Autonomous Database butDBMS_CRYPTO
usesRAW
type for the key parameter.See DBMS_CRYPTO Algorithms for more information on encryption algorithms.
Parent topic: Encrypt Data While Exporting to Object Storage
Encrypt Data with a User Defined Encryption Function
Shows the steps to encrypt data using a user-defined encryption function while exporting to Cloud Object Storage.
Perform the following steps to encrypt data while exporting to Cloud Object Storage (this example exports table data to a CSV file):
Parent topic: Encrypt Data While Exporting to Object Storage