1 Reply Latest reply on Jul 3, 2019 7:13 AM by Gaurav Kamal - Oracle-Oracle

    How to set keystore location for multiple databases on same host 12.1

    SaumilP

      Hi all,

       

      I want to know the best way to configure the keystore location for multiple databases on the same host (DB version: 12.1).

       

      I have a two-node RAC, and eight instances are up and running on the same host. I have gone through a couple of Oracle docs, but I am getting confused.

       

      I referred to Design and Deployment Techniques and this doc: https://docs.oracle.com/database/121/ASOAG/configuring-transparent-data-encryption.htm#ASOAG10276. They say that I have to add an entry in the sqlnet.ora file.

       

      Yes, we know it is best practice to place the keystore on ACFS/NFS/ASM. But in my case I have to place it on the local file system.

       

       

      Example: Configuring a Software Keystore When Multiple Databases Share the sqlnet.ora File

       

      You can configure multiple databases to share the sqlnet.ora file.

      The following example shows how to configure a software keystore location when multiple databases share the sqlnet.ora file.

      ENCRYPTION_WALLET_LOCATION= (SOURCE= (METHOD=FILE) (METHOD_DATA= (DIRECTORY=/etc/ORACLE/WALLETS/$ORACLE_SID/))) 

       

      So, the question is

      1) What is the best way to add the $ORACLE_SID entry in the sqlnet.ora file, or do I have to set $ORACLE_UNIQUENAME in place of $ORACLE_SID?

      2) If I set $ORACLE_SID in the sqlnet.ora file, then whenever the DB server is restarted, how can it automatically pick the correct wallet? (We have created a different directory for each instance, like /u01/app/oracle/admin/wallet/INSTANCE1/ etc.)

      3) Do I also have to set $ORACLE_SID/$ORACLE_UNIQUENAME in .bash_profile? If yes, then what value do I have to set? I mean, do I have to set a value for all instances?

       

      4) Can anyone explain what the step below means?

      Configuring the sqlnet.ora File for a Software Keystore Location

       

      Use the sqlnet.ora file to configure the keystore location for a regular file system, for multiple database access, and for use with Oracle Automatic Storage Management (ASM).

      To create a software keystore on a regular file system, use the following format when you edit the sqlnet.ora file:

      ENCRYPTION_WALLET_LOCATION= (SOURCE= (METHOD=FILE) (METHOD_DATA= (DIRECTORY=path_to_keystore))) 

      If the path_to_keystore will contain an environment variable, then set this variable in the environment where the database instance is started and before you start the database. If you are using the srvctl utility to start the database, then set the environment variable in the srvctl environment as well, using the following command:

      srvctl setenv database -db database_name -env "environment_variable_name=environment_variable_value" 

       

      Thanks
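
The following shell script is an added example, not part of the original post or of Oracle's documentation. It expands the environment variable in a DIRECTORY template for each database sharing one sqlnet.ora, checks the resolved keystore directory, and prints the srvctl setenv command in the form quoted above. Assumptions: the database names and scratch paths are constructed, the owner-only (0700) permission check is a hardening choice made here, and ORACLE_UNQNAME is used in the demo because its value is the same for every instance of one database.

```shell
#!/bin/sh
# Added example. Database names and the base path are constructed samples.
# Assumption: a keystore directory should be accessible to its owner only (0700).

# Expand one environment variable in a sqlnet.ora DIRECTORY template.
# $1 = template, $2 = variable name, $3 = value set before instance startup
resolve_wallet_dir() {
    printf '%s\n' "$1" | sed "s|[\$]$2|$3|g"
}

# Classify a resolved keystore directory: OK, MISSING, or WEAK_MODE.
check_wallet_dir() {
    [ -d "$1" ] || { echo MISSING; return 0; }
    perms=$(ls -ld "$1" | cut -c1-10)
    if [ "$perms" = "drwx------" ]; then echo OK; else echo WEAK_MODE; fi
}

# Build (not run) the srvctl command in the form quoted from the documentation.
# $1 = database name, $2 = variable name, $3 = variable value
srvctl_setenv_cmd() {
    printf 'srvctl setenv database -db %s -env "%s=%s"\n' "$1" "$2" "$3"
}

# Report every database that would share one sqlnet.ora.
# $1 = template, $2 = variable name, remaining args = database names
audit_wallets() {
    tmpl=$1; var=$2; shift 2
    for db in "$@"; do
        dir=$(resolve_wallet_dir "$tmpl" "$var" "$db")
        printf '%-10s %-9s %s\n' "$db" "$(check_wallet_dir "$dir")" "$dir"
        srvctl_setenv_cmd "$db" "$var" "$db"
    done
}

# Demo on a scratch tree so nothing under /u01 or /etc is touched.
base=$(mktemp -d)
mkdir -p "$base/SALES" "$base/HR"
chmod 700 "$base/SALES"; chmod 755 "$base/HR"
audit_wallets "$base/\$ORACLE_UNQNAME/" ORACLE_UNQNAME SALES HR FIN
rm -rf "$base"
```

A MISSING or WEAK_MODE line identifies a database whose keystore path would not resolve to a usable, owner-only directory with the value given for the variable.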