Example of Configure TDE in Oracle 19c
- Configure the WALLET_ROOT parameter
SQL> ALTER SYSTEM SET WALLET_ROOT='E:\ORACLE\wallets\orcl' SCOPE=SPFILE;
System altered.
2. For WALLET_ROOT parameter effective, need to reboot the database.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 2550133384 bytes
Fixed Size 9269896 bytes
Variable Size 553648128 bytes
Database Buffers 1979711488 bytes
Redo Buffers 7503872 bytes
Database mounted.
Database opened.3. Set the TDE Configuration parameter as shown below:
SQL> ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE" SCOPE=BOTH;
System altered.4. Check the wallet location:
SQL> select wrl_parameter from v$encryption_wallet;
WRL_PARAMETER
--------------------------------------------------------------------------------
E:\ORACLE\WALLETS\ORCL\tde\5. Directory should be present at physical location : E:\ORACLE\WALLETS\ORCL\tde
6. Create the key store and auto login with following commands:
SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE 'E:\ORACLE\wallets\orcl\tde' IDENTIFIED BY password;
keystore altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY password container=all;
keystore altered.
SQL> ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE 'E:\ORACLE\wallets\orcl\tde' IDENTIFIED BY password;
keystore altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY password WITH BACKUP;
keystore altered.
7. Check wallet status:
SQL> SELECT STATUS FROM V$ENCRYPTION_WALLET;
STATUS
------------------------------
OPEN
OPEN
CLOSED8. Configure for PDB database:
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PDB MOUNTED
SQL> alter pluggable database PDB open;
Pluggable database altered.
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY password container=current;
keystore altered.
SQL> SELECT * FROM V$ENCRYPTION_WALLET;
STATUS
--------------------
OPEN_NO_MASTER_KEY
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY password with backup;
keystore altered.
SQL> SELECT * FROM V$ENCRYPTION_WALLET;
STATUS
--------------------
OPEN
Pingback: Configuring Transparent Data Encryption (TDE) in Oracle 19c or 12c PDBs | Smart way of Technology