Sunday, 20 April 2014

Configure Tablespace Encryption for Oracle 12c RAC DB.




Follow the steps below to configure tablespace encryption on an Oracle 12c RAC database.
===============================================================================================

To start with, first create the keystore:-

1) Creating Software Keystores

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '<Keystore Location>' IDENTIFIED BY password;

keystore altered.

Note:- This step was already executed by you; it seems you created the wallet using mkstore. Hence I did not execute the above step and used the wallet created by you.

2) Create Auto login Keystore

Creating an Auto-Login or Local Auto-Login Software Keystore

SQL> ADMINISTER KEY MANAGEMENT CREATE [LOCAL] AUTO_LOGIN KEYSTORE FROM KEYSTORE '<Keystore Location>' IDENTIFIED BY "<Keystore Password>";

keystore altered.

Note:- The auto-login software keystore can be opened from computers other than the one where the keystore resides, but the [LOCAL] auto-login software keystore can only be opened from the computer on which it was created.

3) Open the Keystore to be used by all container Databases.

Open the Software Keystore


SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "<Keystore Password>" Container=ALL;

keystore altered.

4) Set the TDE Master Encryption Key and back up the Keystore for all containers.

Set the Software TDE Master Encryption Key


SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "<Keystore Password>" WITH BACKUP USING 'TDE_ENCRYPTION' Container=all;

keystore altered.

NOTE:- The encryption key can be set for a particular PDB only, if required, by specifying CONTAINER=<PDB>.

5) Last but not least, create an encrypted tablespace in the PDB using the procedure below:-

SQL> conn sys/<Password>@<PDB Service Name> as sysdba
Connected.

SQL> create tablespace test datafile '+DATA1' size 100m ENCRYPTION DEFAULT STORAGE (ENCRYPT);

Tablespace created.

SQL> select * from v$encryption_wallet;

WRL_TYPE             WRL_PARAMETER          STATUS                         WALLET_TYPE          WALLET_OR FULLY_BAC     CON_ID
-------------------- ---------------------- ------------------------------ -------------------- --------- --------- ----------

FILE                 <Wallet Location>        OPEN                           PASSWORD             SINGLE    NO                 0
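The queries below are an added example, not part of the original post. They check the result of steps 3 to 5 from the PDB session used in step 5: that the keystore is open on every RAC instance and that the tablespace TEST is really encrypted. They assume a user with access to the GV$/V$ views and DBA_TABLESPACES.

```sql
-- Added verification example; run while connected to the PDB from step 5.

-- 1) Keystore state per RAC instance. V$ENCRYPTION_WALLET shows only the
--    instance you are connected to; GV$ adds INST_ID so a node where the
--    keystore is missing or closed becomes visible.
--    Expect STATUS = OPEN on every row. WALLET_TYPE is PASSWORD when the
--    keystore was opened with its password, AUTOLOGIN or LOCAL_AUTOLOGIN
--    when the auto-login keystore from step 2 was used.
SELECT inst_id,
       con_id,
       wrl_parameter,
       status,
       wallet_type,
       fully_backed_up
FROM   gv$encryption_wallet
ORDER  BY inst_id, con_id;

-- 2) Confirm the tablespace created in step 5 is encrypted and see which
--    algorithm was applied (the CREATE statement on this page names no
--    algorithm, so the database default is used).
SELECT t.name          AS tablespace_name,
       e.encryptionalg AS algorithm,
       e.encryptedts   AS encrypted
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e
       ON  e.ts#    = t.ts#
       AND e.con_id = t.con_id
WHERE  t.name = 'TEST';

-- 3) List permanent tablespaces in this PDB that are still unencrypted,
--    so data placed outside TEST is not assumed to be protected.
SELECT tablespace_name,
       encrypted
FROM   dba_tablespaces
WHERE  encrypted = 'NO'
AND    contents  = 'PERMANENT'
ORDER  BY tablespace_name;
```

If query 1 returns a row with a STATUS other than OPEN for any INST_ID, that instance cannot read the encrypted tablespace until its keystore is available and opened.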