Data-At-Rest Encryption for Oracle database

-

 As part of database security, DBA need to enable encryption for the database. In this blog, we will go through the steps for encryption at rest in oracle database. 

Step 1) Add following entry in sqlnet.ora on all node of RAC cluster. 



Step 2) Create TDE directory on all the nodes on the cluster.
 mkdir -p $ORACLE_BASE/tde/$ORACLE_SID

Step 3) Create Wallet and Encrption key. 


SQL>
prompt Creating the Password based Key Store
prompt
administer key management create keystore '$ORACLE_BASE/tde/$ORACLE_SID' identified by "<Master Key>;
prompt Opening the Password based Key Store
prompt
administer key management set keystore open identified by "<Master Key>";
prompt Creating and Setting the Master Encryption Key
prompt
administer key management set key identified by "<Master Key>" with backup using 'TDE';
prompt Creating the auto-login for Key Store
prompt
administer key management create auto_login keystore from keystore '$ORACLE_BASE/tde/$ORACLE_SID' identified by "<Master Key>";

Step 4) Copy wallet and auto login files on all cluster node and standby database node (if any)

Step 5) Verify the wallet status. 
SQL> Select * from gv$encryption_wallet; 

Make sure wallet is open and wallet_type is autologin. 

Step 6) Encrypt the tablespace using below commads.

Alter tablespace <Tablespace name> encryption online using 'AES256' encrypt;

Step 7) USE DBV to verify that datafiles have been encrypted.

dbv file='datafile path' userid=/

Step 8) Login to database to check datafiles and tablespace encryption. 



Select tablespace_name,status,encrypted from dba_tablespaces order by tablespace_name;
Select a.name, b.encryptionalg, b.encryptedts, b.encryptedkey from v$tablespace a, v$encrypted_tablespaces b where a.ts#=b.ts# order by a.name;

==========================================================

Please check our other blogs for Security & TDE.

 


Location: Singapore

Comments

Post a Comment

Please do not enter any spam link in comment Section suggestions are Always Appreciated. Thanks.. !

Popular posts from this blog

Restore MySQL Database from mysqlbackup

-
Image
 Restore MySQL Database from mysqlbackup  In todays world, One of the most common activity is to perform database restore using old backup or performing PIT recovery for database.  In this blog , We will show you how to perform restore and recovery of the MySQL database using backup taken via mysqlbackup. In order to restore Mysql database from MySQL backup , We will follow below steps: 1) Shut down MySQL Database Server/Service Check the status of the mysql service using command : systemctl status mysql Shut down mysql service using command : systemctl stop mysql 2) Delete all existing file of MySQL Server Delete all files inside the server's data directory. Also delete all files inside the directories specified by the --innodb_data_home_dir, --innodb_log_group_home_dir, and --innodb_undo_directory options for restore, if the directories are different from the data directory. 3) Restore full Backup mysqlbackup  --defaults-file=/etc/mysql/mysql.conf.d/mysqld.cnf --datadir=/var/lib
Read more

Oracle 19c New Features

-
Oracle 19c New Features As Oracle Support have made 12.2 version of Oracle ,its has become important for us to upgrade our 12c database to 19c.And before upgrade any database to latest version , We need to know the latest new features of that particular version.  In the current blog , We are going to discuss about new features of the Oracle 19C database : 1)Automatic Indexing  This is one of the important Oracle database 19c New feature. Automatic Indexing is one of the great feature included in 19c . It automates index management tasks, such as creating, rebuilding, and dropping indexes in an Oracle Database based on changes in the application workload. This feature improves database performance by managing indexes automatically in an Oracle Database. Oracle has provided new package DBMS_AUTO_INDEX for this. This enables automatic indexing in a database, but creates any new auto indexes as invisible indexes, so that they cannot be used in SQL statements: EXEC DBMS_AUTO_INDEX.CONFIGURE
Read more