For creating an encrypted tablespace in a PLUGGABLE DATABASE ( PDB) for multitenant oracle 12c setup, we need to do a few additional steps.
DEMO:
In the below DEMO, we will create a encrypted tablespace under a pluggable database SDCP1
1. Update sqlnet.ora file with ENCRYPTION_WALLET_LOCATION
cat sqlnet.ora
# sqlnet.ora Network Configuration File: /export/home/oracle/product/12c/product/12.2.0/dbhome_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
ENCRYPTION_WALLET_LOCATION =
(source =
(method = file)
(method_data =
(directory = /export/home/oracle/product/12c/product/12.2.0/dbhome_1/network/admin)))
2. Set encryption key at container DB:
SQL> show con_name CON_NAME ------------------------------ CDB$ROOT SQL> SQL> alter system set encryption key identified by "password123"; System altered.
3. Take the backup of the created keystore.
Always create a backup of the keystore , before doing any changes.
SQL> administer key management backup keystore identified by "password123"; keystore altered.
4. Now set the keystore in the pluggable database(PDB).
In our case, SDC1 is a pluggable db.
SQL> alter session set container=SDCP1;
Session altered.
SQL> administer key management set keystore open identified by "password123";
keystore altered.
SQL> administer key management set key identified by "password123";
keystore altered.
SQL> select con_id,STATUS from V$ENCRYPTION_WALLET;
CON_ID STATUS
---------- ------------------------------
3 OPEN
5. Create the encrypted tablespace:
SQL> create tablespace ENCRYPT_TS datafile '/export/home/oracle/product/12c/oradata/ORA12CR2/SDCP1/encryp_ts1.dbf' size 1G encryption default storage(encrypt); Tablespace created. SQL> select TABLESPACE_NAME,ENCRYPTED from dba_tablespaces where tablespace_name='ENCRYPT_TS'; TABLESPACE_NAME ENC ------------------------------ --- ENCRYPT_TS YES
We have successfully created an encrypted tablespace in the PDB.
