Transparent Data Encryption (TDE) provided by Oracle database enables us to encrypt data that are stored in tables. Oracle database decrypts such data for applications and users who have access to the data. Below, let us see how we can configure the database to implement TDE.
Oracle Wallet files are by default stored under one of the two locations. If ORACLE BASE is not set, then, ORACLE HOME will be preferred.
To create Wallet, use the mkstore command. Provide the location where Wallet file will be stored. Here, it is wallet directory under ORACLE_BASE. Be ready to provide the password when prompted. This password will be used to encrypt the data. So, make sure that you remember the password.
$ORACLE_HOME/bin/mkstore \ -wrl $ORACLE_BASE/admin/<db_unique_name>/wallet \ -create <Password prompt appears here>
vi $ORACLE_HOME/network/admin/sqlnet.ora ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = ORACLE_BASE/admin/db_unique_name/wallet)) )
Connect to database and use alter syste set encryption key statement to set master key for Oracle Wallet as below.
. oraenv <oracle_sid> sqlplus / as sysdba SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY <password>;
SQL> ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY "<password>";
SQL> ALTER SYSTEM SET WALLET CLOSE IDENTIFIED BY "<password>";