Configuring setup Transparent Data Encryption
Check also below for reference:
RMAN -Auto-login Software Keystore -TDE
Using RMAN Transparent-mode Encrypted Backups -Manual
[oracle@srv1 admin]$ sqlplus / as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Thu Aug 1 14:17:43 2019
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> select name,open_mode from v$database;
NAME OPEN_MODE
--------- --------------------
SMR1 READ WRITE
SQL> ! ls -al /u01/app/oracle/product/12.1.0/dbhome_1/dbs/keystore
total 12
drwxr-xr-x 2 oracle oinstall 4096 Aug 1 14:18 .
drwxr-xr-x. 3 oracle oinstall 4096 Aug 1 14:11 ..
-rw-r--r-- 1 oracle oinstall 2408 Aug 1 14:18 ewallet.p12
Check also below for reference:
RMAN -Auto-login Software Keystore -TDE
Using RMAN Transparent-mode Encrypted Backups -Manual
- Create a directory for saving the keystore in it
- mkdir u01/app/oracle/product/12.1.0/dbhome_1/dbs/keystore
[oracle@srv1 admin]$ sqlplus / as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Thu Aug 1 14:17:43 2019
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> select name,open_mode from v$database;
NAME OPEN_MODE
--------- --------------------
SMR1 READ WRITE
SQL> ! ls -al /u01/app/oracle/product/12.1.0/dbhome_1/dbs/keystore
total 12
drwxr-xr-x 2 oracle oinstall 4096 Aug 1 14:18 .
drwxr-xr-x. 3 oracle oinstall 4096 Aug 1 14:11 ..
-rw-r--r-- 1 oracle oinstall 2408 Aug 1 14:18 ewallet.p12
- Specify the keystore location in sqlnet.ora
[oracle@srv1 admin]$ cat sqlnet.ora
NAMES.DIRECTORY_PATH=(tnsnames, hostname)
ENCRYPTION_WALLET_LOCATION =
(SOURCE =
(METHOD = FILE) (METHOD_DATA =
(DIRECTORY = /u01/app/oracle/product/12.1.0/dbhome_1/dbs/keystore)))
- Create the software keystore file
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY oracle;
keystore altered.
- Open the software keystore file:
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY oracle;
- Create the master encryption key.
SQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY oracle WITH BACKUP USING 'for_rman' ;
keystore altered.
- Retrieve the key identifier
SQL> SELECT KEY_ID FROM V$ENCRYPTION_KEYS;
KEY_ID
------------------------------------------------------------------------------
AW+nuISELk+Ov4+DaK8uq/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
No comments:
Post a Comment