有关TDE配置的一些记录

最新推荐文章于 2024-05-13 14:49:03 发布

wgz7747147820

最新推荐文章于 2024-05-13 14:49:03 发布

阅读量343

点赞数

分类专栏： orale 文章标签： oracle

本文链接：https://blog.csdn.net/wgz7747147820/article/details/106994024

版权

orale 专栏收录该内容

204 篇文章 0 订阅

订阅专栏

搜索TDE配置的顺序

The search order for the TDE keystore depends on how you have set either the
instance initialization parameters, the sqlnet.ora parameters, or the environment
variables.
Oracle Database retrieves the keystore by searching in these locations, in the
following order:
1. The location set by the WALLET_ROOT instance initialization parameter, when the
KEYSTORE_CONFIGURATION attribute of the TDE_CONFIGURATION initialization
parameter is set to FILE. Oracle recommends that you use this parameter to
configure the keystore location.
2. If the KEYSTORE_CONFIGURATION attribute of the TDE_CONFIGURATION initialization
parameter is not set to FILE or WALLET_ROOT is not set, then the location specified
by the WALLET_LOCATION setting in the sqlnet.ora file.
3. If WALLET_ROOT and WALLET_LOCATION are not set, then the location specified by the
ENCRYPTION_WALLET_LOCATION parameter (now deprecated in favor of
WALLET_ROOT) in the sqlnet.ora file.
4. If none of these parameters are set, and if the ORACLE_BASE environment variable
is set, then the $ORACLE_BASE/admin/db_unique_name/wallet directory. If
ORACLE_BASE is not set, then $ORACLE_HOME/admin/db_unique_name/wallet.

配置TDE参数


SQL> alter system set wallet_root='/u01/log/main0618/admin/aug/tde_wallet' scope=spfile;

System altered.

srvctl stop database -d aug;
srvctl start database -d aug;
SQL> alter system set tde_configuration='keystore_configuration=file' scope=spfile;

System altered.

srvctl stop database -d aug;
srvctl start database -d aug;

SQL> show parameter wallet_root;

NAME				     TYPE	 VALUE
------------------------------------ ----------- ------------------------------
wallet_root			     string	 /u01/log/main0618/admin/aug/td
						 e_wallet
SQL> show parameter tde_configuration;

NAME				     TYPE	 VALUE
------------------------------------ ----------- ------------------------------
tde_configuration		     string	 keystore_configuration=file

创建keystore
01:49:17 SQL> administer key management create keystore identified by "WelCome-123#";

keystore altered.

Elapsed: 00:00:00.22

open这个keystore
02:01:30 SQL> administer key management set keystore open identified by "WelCome-123#";

keystore altered.

Elapsed: 00:00:00.12

设置encryption key
02:03:41 SQL> administer key management set encryption key identified by "WelCome-123#" with backup container=all;

keystore altered.

Elapsed: 00:00:00.76

创造自动登录auto_login keystore
02:06:35 SQL> administer key management create auto_login keystore from keystore '+d001/dbca1/tde' identified by "WelCome-123#";

keystore altered.

Elapsed: 00:00:00.06


02:26:34 SQL> grant syskm to system;

Grant succeeded.

Elapsed: 00:00:00.20
02:26:40 SQL> connect system/dbca1@dbca1 as syskm
Connected.
02:26:49 SQL> alter database dictionary encrypt credentials;

Database dictionary altered.

Elapsed: 00:00:00.03