| CPC H04L 9/3268 (2013.01) [G06F 16/214 (2019.01); G06F 21/6218 (2013.01)] | 14 Claims |
|
1. A computer-implemented method comprising:
receiving a request to move a first database tenant from a first database instance to a second database instance, the first database tenant comprising a first tenant object instance associated with a plurality of artifacts of the first database instance, the plurality of artifacts including metadata and data; and
in response to the request:
exporting the metadata associated with the first database tenant from the first database instance to a shared storage system, the metadata including a customer-controlled key management configuration;
importing the metadata to a second database tenant of the second database instance from the shared storage system;
acquiring, by the first database instance and based on the customer-controlled key management configuration, a customer-controlled encryption key associated with the first database tenant;
encrypting the data at the first database instance using the customer-controlled encryption key;
exporting the encrypted data associated with the first database tenant from the first database instance to the shared storage system;
importing the encrypted data to the second database tenant of the second database instance from the shared storage system;
acquiring, by the second database instance and based on the customer-controlled key management configuration, the customer-controlled encryption key associated with the first database tenant;
decrypting the data at the second database instance using the customer-controlled encryption key; and
dropping the first database tenant from the first database instance.
|