We have outsourced our DB hosting and management to a 3rd party. We have implemented DBV and ASO/TDE on the main database instance. We are using AV to collect the logs, and allow our security staff to monitor the main production instance.
The production instance, however, has sensitve data within it. We are using TDE to encrypt the data from the 3rd party DBAs. We would like to encrypt the AV repository, as we are auditing certain SQL statements, and they too will include sensitive information.
1) Is it supported to use TDE on the AV repository to ensure 3rd party DBAs cannot see the audit information, and
2) If it is supported, is it possible to get a DocID from MOS to identify how to do this?
Audit Vault has not been tested with TDE at this time. There's no specific reason why moving the AVSYS schema out of SYSAUX into another, encrypted tablespace would cause issues. However, from a certification perspective, that's not there today.