How to configure TDE in pluggable database in 12c for Standalone and RAC environment
Assumption: You have already created a container database (CDB01 in my case).
You have already created a pluggable database (PDB01 in my case).
Step1> Configure sqlnet.ora by adding the entry below
## COMMON WALLET LOCATION
ENCRYPTION_WALLET_LOCATION=
  (SOURCE=(METHOD=FILE)
    (METHOD_DATA=
      (DIRECTORY=+DATAC4/$ORACLE_SID/wallet)
    )
  )
Step2> Create the keystore in the CDB and generate the master encryption key for the CDB
SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '+DATAC4/CDB01/wallet' IDENTIFIED BY "xxxxxxx";
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "xxxxxxx";
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "xxxxxxx" WITH BACKUP;
Step3> Verify that the wallet has been opened in the CDB
SQL> select * from v$encryption_wallet;
Step4> Open the respective PDB if it is not already open and set the PDB as the current container
SQL> alter pluggable database PDB01 open;
SQL> alter session set container=PDB01;
Step5> Open the keystore in that PDB and generate the master encryption key for the PDB
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "xxxxxxx";
SQL> select * from v$encryption_wallet;
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "xxxxxxx" with backup;
SQL> select * from v$encryption_wallet;
Step6> Create an encrypted tablespace
SQL> create tablespace encrypted_ts
       datafile '+DATAC4'
       size 1M autoextend on next 1M
       encryption using 'AES128'
       default storage (encrypt)
     /
Step7> Applicable for RAC only
For RAC, make sure the ENCRYPTION_WALLET_LOCATION parameter is configured in the sqlnet.ora file of all other RAC nodes.
Step8> Copy the wallet file ewallet.p12 from the first RAC node to the ENCRYPTION_WALLET_LOCATION directory on all other RAC nodes.
If you are using ASM to store the wallet, Step8 is not required.
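The checks below are an added example, not part of the original steps: they confirm from the dynamic and dictionary views that the keystore, master keys and encrypted tablespace are in place. They use the names from this page (PDB01, encrypted_ts) and assume a session that starts in CDB$ROOT with access to the V$ and DBA_ views.

```sql
-- 1. From CDB$ROOT: keystore status per instance (one row set per RAC node).
--    STATUS should be OPEN on every instance for the containers configured
--    above; OPEN_NO_MASTER_KEY means SET KEY has not been run there, and
--    CLOSED on a second node usually points at Step7/Step8.
SELECT inst_id, con_id, wrl_type, wrl_parameter, status, wallet_type
FROM   gv$encryption_wallet
ORDER  BY inst_id, con_id;

-- 2. Switch to the PDB used on this page.
ALTER SESSION SET CONTAINER = PDB01;

-- 3. The PDB needs its own master encryption key (generated in Step5).
SELECT key_id, creation_time, con_id
FROM   v$encryption_keys
ORDER  BY creation_time;

-- 4. Confirm the tablespace from Step6 is encrypted, and with which algorithm.
SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e
       ON e.ts# = t.ts# AND e.con_id = t.con_id
WHERE  t.name = 'ENCRYPTED_TS';

-- 5. List the tablespaces in this PDB that are still unencrypted, so data
--    is not placed in them on the assumption that TDE covers everything.
SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  encrypted = 'NO'
ORDER  BY tablespace_name;
```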