<<Back to Oracle DB Security Main Page
What is an External Store for a Keystore Password
An external store for a keystore password stores the software keystore password in a centrally accessed and managed location.Why We Need an External Store for a Keystore Password
There are many instances when you need to keep the KeyStore password in script file or you have to type it. If you want to avoid typing the keystore password or storing it in script file External Store is the option to go with.How to Configure an External Store for a Keystore Password
Step1> Set EXTERNAL_KEYSTORE_CREDENTIAL_LOCATION ParameterSQL> ALTER SYSTEM SET EXTERNAL_KEYSTORE_CREDENTIAL_LOCATION ="/home/dbatst1/Wallet/external_store" SCOPE = SPFILE;
System altered.
Step2> Add Wallet Password in External Store
SQL>ADMINISTER KEY MANAGEMENT ADD SECRET 'password'
FOR CLIENT 'TDE_WALLET'
TO LOCAL AUTO_LOGIN KEYSTORE '/home/dbatst1/Wallet/external_store';
Note:Enter 'TDE_WALLET', in capital letters and enclosed in single quotation marks, exactly as shown because this is a fixed value
Step3: Restart the database
SQL> SHUTDOWN IMMEDIATE
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL>
SQL> startup
ORACLE instance started.
Total System Global Area 2147483648 bytes
Fixed Size 8794848 bytes
Variable Size 1912605984 bytes
Database Buffers 218103808 bytes
Redo Buffers 7979008 bytes
Database mounted.
Database opened.
SQL> show parameter EXTERNAL_KEYSTORE_CREDENTIAL_LOCATION
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
external_keystore_credential_locatio string /home/dbatst1/Wallet/external_
n store
Step4: Open the KeyStore
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY EXTERNAL STORE;
To open a keystore in a multitenant environment
For All PDBs
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY EXTERNAL STORE CONTAINER = ALL;
OR
For Current or specific PDBs
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY EXTERNAL STORE CONTAINER = CURRENT;
Comments
Post a Comment