-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathisenc_tde_pdbiso.sql
63 lines (54 loc) · 2.41 KB
/
isenc_tde_pdbiso.sql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
--------------------------------------------------------------------------------
-- OraDBA - Oracle Database Infrastructur and Security, 5630 Muri, Switzerland
--------------------------------------------------------------------------------
-- Name......: isenc_tde_pdbiso.sql
-- Author....: Stefan Oehrli (oes) [email protected]
-- Editor....: Stefan Oehrli
-- Date......: 2023.08.29
-- Revision..:
-- Purpose...: Initialize TDE in a PDB in isolation mode i.e., with a dedicated
-- wallet in WALLET_ROOT for this pdb. The CDB must be configured for
-- TDE beforehand. This scripts does use several other scripts to
-- enable TDE and it also includes restart of the pdb.
--
-- The following steps are performed:
-- - csenc_swkeystore.sql create and configure software keystore
-- - csenc_master.sql create master encryption key
-- - restart pdb
-- - ssenc_info.sql show current TDE configuration
-- Notes.....:
-- Reference.: Requires SYS, SYSDBA or SYSKM privilege
-- License...: Apache License Version 2.0, January 2004 as shown
-- at http://www.apache.org/licenses/
--------------------------------------------------------------------------------
SET FEEDBACK OFF
SET VERIFY OFF
-- define default values for wallet password
COLUMN def_wallet_pwd NEW_VALUE def_wallet_pwd NOPRINT
-- generate random password
SELECT dbms_random.string('X', 20) def_wallet_pwd FROM dual;
-- assign default value for parameter if argument 1 is empty
COLUMN 1 NEW_VALUE 1 NOPRINT
SELECT '' "1" FROM dual WHERE ROWNUM = 0;
DEFINE wallet_pwd = &1 &def_wallet_pwd
COLUMN wallet_pwd NEW_VALUE wallet_pwd NOPRINT
-- format SQLPlus output and behavior
SET LINESIZE 180 PAGESIZE 66
SET HEADING ON
SET VERIFY ON
SET FEEDBACK ON
-- start to spool
SPOOL isenc_tde_pdbiso.log
-- configure software keystore for database / cdb
@csenc_swkeystore.sql &wallet_pwd
-- uncomment the following line if you have issues with pre-created master
-- encryption keys. e.g., because TDE wallets have been recreated
--@idenc_lostkey.sql
-- configure master encryption key
@csenc_master.sql
PROMPT == Restart database to load software keystore with new master key =======
STARTUP FORCE;
-- display information
@ssenc_info.sql
SPOOL OFF
-- EOF -------------------------------------------------------------------------