1 Reply Latest reply: Oct 1, 2013 3:37 AM by DK2010 RSS

    TDE Wallets & Multiple Databases on same Host

    dba69

      The Oracle TDE Best Practices (doc ID 130696) states this:

       


      Multiple databases on the same host

       

      If there are multiple Oracle Databases installed on the same server, they
      must access their own individual TDE wallet. Sharing the same wallet between independent instances is not supported
      and can potentially lead to the loss of encrypted data.

       

      If the databases share the same ORACLE_HOME, they also share the same
      sqlnet.ora file in $TNS_ADMIN . In order to access their individual wallet, the
      DIRECTORY entry for the ENCRYPTION_WALLET_LOCATION
      needs to point each database to its own wallet location:
      DIRECTORY= /etc/ORACLE/WALLETS/$ORACLE_UNQNAME
      The names of the subdirectories under /etc/ORACLE/WALLETS/ reflect
      the ORACLE_UNQNAME names of the individual databases.

       

      If the databases do not share the same ORACLE_HOME, they will also have their individual sqlnet.ora
      files that have to point to the individual subdirectories.

       


      What is the correct sqlnet.ora syntax to do this?  I currently have what is below but it doesn't seem to be correct:
      ENCRYPTION_WALLET_LOCATION =
        (SOURCE = (METHOD = FILE)
        (METHOD_DATA =
        (DIRECTORY = /local/oracle/admin/wallet/DB#1)
        (DIRECTORY = /local/oracle/admin/wallet/DB#2)
        )
        )

        • 1. Re: TDE Wallets & Multiple Databases on same Host
          DK2010

          Hi,

           

           

          You can check this :Setting ENCRYPTION_WALLET_LOCATION For Wallets Of Multiple Instances Sharing The Same Oracle Home (Doc ID 1504783.1)

          i haven't done this for multiple database, but as per Doc you can use the syntex like

           

           

          ENCRYPTION_WALLET_LOCATION =

            (SOURCE = (METHOD = FILE)

            (METHOD_DATA =

            (DIRECTORY = /local/oracle/admin/wallet/$ORACLE_UNQNAME)

            )

            )

           

           

          Whenever you set the Environmnet with

          export $ORACLE_UNQNAME=DB#1 

          it will choose the file from respective directory like  /local/oracle/admin/wallet/DB#1

           

          HTH