

{16 追加}暗号化されたPDBの切断および接続

 

https://docs.oracle.com/cd/F19136_01/asoag/managing-keystores-encryption-keys-in-united-mode.html#GUID-576582FE-7252-49BC-B795-121689258890

 

orcl:pdb11 -> PROD1:pdb11

-- 1. キーストアとCDBマスター暗号化キーの作成 ( orcl, PROD1 )

-- Local connection with OS authentication, so no password is typed here.
CONNECT / AS SYSDBA

-- Record the current keystore-related parameters before changing anything.
SHOW PARAMETER wallet
SHOW PARAMETER tde

-- The step is carried out on both CDBs, each with its own path: the first line
-- is the orcl value, the second the PROD1 value. Executing both in one session
-- leaves the spfile holding the second path, so run only the matching line.
ALTER SYSTEM SET WALLET_ROOT = '/oradata/orcl' SCOPE = SPFILE SID = '*';
ALTER SYSTEM SET WALLET_ROOT = '/oradata/PROD1' SCOPE = SPFILE SID = '*';

-- WALLET_ROOT was written to the spfile only; restart so it takes effect.
SHUTDOWN IMMEDIATE
STARTUP

-- Select a file-based (software) keystore.
ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE" SCOPE = BOTH SID = '*';

SHOW PARAMETER wallet
SHOW PARAMETER tde

-- Keystore status before creation.
SELECT * FROM v$encryption_wallet;

-- Create the password-protected keystore. 'oracle' is the lab password used
-- throughout this walkthrough; the keystore password guards every master key,
-- so outside a lab it must be a strong, unique value that is not kept in scripts.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY oracle;

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY oracle;

-- Create and activate the CDB master encryption key. WITH BACKUP makes a
-- keystore backup first, tagged 'test'; the backup holds key material and
-- needs the same protection as the keystore itself.
ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY oracle WITH BACKUP USING 'test';

ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY oracle;

-- A LOCAL auto-login keystore opens without a password, but only on the host
-- where it was created. Anyone who can read that file on this host can open
-- the keystore, so keep it readable by the Oracle software owner only.
ADMINISTER KEY MANAGEMENT CREATE LOCAL AUTO_LOGIN KEYSTORE FROM KEYSTORE IDENTIFIED BY oracle;

SHUTDOWN IMMEDIATE
STARTUP

-- After the restart, check the keystore status and wallet type reported here.
SELECT * FROM v$encryption_wallet;

 


-- 2. PDBマスター暗号化キーの作成 ( orcl )

orcl:pdb11で下記を実行しmaster keyを作成

-- NOTE(review): the SYS password is passed on the command line, which leaves
-- it in shell history and visible in the process list. Lab use only.
sqlplus sys/oracle@localhost:1523/pdb11.example.com as sysdba

-- Create the master encryption key for pdb11 itself. FORCE KEYSTORE lets the
-- password keystore be used for this one operation while the auto-login
-- keystore is the one in use. The keystore is backed up first, tagged 'test'.
ADMINISTER KEY MANAGEMENT SET KEY FORCE KEYSTORE IDENTIFIED BY oracle WITH BACKUP USING 'test';

-- Confirm the keystore status as seen from inside the PDB.
SELECT * FROM v$encryption_wallet;

 

 

-- 3. 既存表領域の暗号化 ( orcl )

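-- NOTE(review): the SYS password is passed on the command line, which leaves
-- it in shell history and visible in the process list. Lab use only.
sqlplus sys/oracle@localhost:1523/pdb11.example.com as sysdba

-- Encryption state of every tablespace before the conversion.
select TABLESPACE_NAME,ENCRYPTED from dba_tablespaces
order by TABLESPACE_NAME;

-- Convert each existing tablespace in place (online) to AES256. SYSTEM, SYSAUX
-- and undo are included, so dictionary and undo data are encrypted at rest too.
ALTER TABLESPACE SYSTEM ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE SYSAUX ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE UNDO_1 ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE USERS  ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE USERTBS ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE TBS01 ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE TBS02 ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE TBS03 ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE TBS04 ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE TBS05 ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
ALTER TABLESPACE TBS55 ENCRYPTION ONLINE USING 'AES256' ENCRYPT;

select * from dba_temp_files;

-- The script does not convert the temporary tablespace in place; it creates
-- an encrypted replacement instead. The closing quote after the tempfile path
-- was missing, which left the string literal unterminated.
create temporary tablespace TEMP2 tempfile '/oradata/orcl/pdb11/temp02.dbf'
 size 10M autoextend on maxsize unlimited
 ENCRYPTION USING 'AES256' ENCRYPT;

-- Make the encrypted TEMP2 the default so new sort/hash spills land in it.
select * from database_properties where PROPERTY_NAME = 'DEFAULT_TEMP_TABLESPACE';
alter database default temporary tablespace TEMP2;

-- Drop the previous temporary tablespace and its files (presumably the
-- unencrypted one; confirm against the dba_temp_files output above).
drop tablespace TEMP including contents and datafiles;

-- Verify: every tablespace that must be encrypted should be listed here.
select * from V$ENCRYPTED_TABLESPACES
order by TS#;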

 

-- 4. PDBの切断 ( orcl )

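-- Connect to the source CDB root (orcl) with OS authentication.
conn / as sysdba

-- The PDB must be closed before it can be unplugged.
alter pluggable database pdb11 close immediate;

show pdbs;

-- Unplug into a .pdb archive. ENCRYPT USING supplies the transport secret
-- that protects the PDB's master key material exported along with it.
-- The closing quote after the archive path was missing and is restored here.
-- NOTE(review): /tmp is a shared directory; an archive holding the data files
-- and wrapped keys is better written to a directory restricted to the Oracle
-- software owner and deleted once the plug-in has been verified.
-- NOTE(review): transport_secret is used as a literal value here; in practice
-- choose a strong secret and hand it over separately from the archive.
ALTER PLUGGABLE DATABASE pdb11
UNPLUG INTO '/tmp/pdb11.pdb'
ENCRYPT USING transport_secret;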


-- 5. PDBの接続 ( PROD1 )

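-- Connect to the target CDB root (PROD1) with OS authentication.
conn / as sysdba

show pdbs;

-- Plug the archive in. KEYSTORE IDENTIFIED BY is the password of PROD1's
-- keystore; DECRYPT USING must be the same transport secret that was given
-- at unplug time. The closing quote after the archive path was missing and
-- is restored here.
CREATE PLUGGABLE DATABASE pdb11
USING '/tmp/pdb11.pdb'
KEYSTORE IDENTIFIED BY oracle
DECRYPT USING transport_secret;

alter pluggable database pdb11 open;

alter session set container=pdb11;

-- Set a new master encryption key for the plugged-in PDB in PROD1's keystore.
-- FORCE KEYSTORE lets the password keystore be used for this operation while
-- the auto-login keystore is the one in use. The keystore is backed up first,
-- tagged 'test'.
ADMINISTER KEY MANAGEMENT SET KEY
FORCE KEYSTORE
IDENTIFIED BY oracle
WITH BACKUP USING 'test';

-- Keystore status as seen from inside the PDB.
select * from v$encryption_wallet;

-- Verify that the tablespaces are still reported as encrypted after the move.
select TABLESPACE_NAME,ENCRYPTED from dba_tablespaces
order by TABLESPACE_NAME;

select * from V$ENCRYPTED_TABLESPACES
order by TS#;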

 

 



