I want to know the best way to configure the keystore location for multiple databases on the same host. (DB version: 12.1)
I have a two-node RAC, and eight instances are up and running on the same host. I have gone through a couple of Oracle docs, but I am getting confused.
I referred to Design and Deployment Techniques and https://docs.oracle.com/database/121/ASOAG/configuring-transparent-data-encryption.htm#ASOAG10276. This doc says that I have to add an entry in the sqlnet.ora file.
Yes, we know it is best practice to place the keystore on ACFS/NFS/ASM. But in my case I have to place it on the local file system.
Example: Configuring a Software Keystore When Multiple Databases Share the sqlnet.ora File
You can configure multiple databases to share the
The following example shows how to configure a software keystore location when multiple databases share the
ENCRYPTION_WALLET_LOCATION= (SOURCE= (METHOD=FILE) (METHOD_DATA= (DIRECTORY=/etc/ORACLE/WALLETS/$ORACLE_SID/)))
So, the questions are:
1) What is the best way: to add the $ORACLE_SID entry in the sqlnet.ora file, or do I have to set $ORACLE_UNIQUENAME in place of $ORACLE_SID?
2) If I set $ORACLE_SID in the sqlnet.ora file, then whenever the DB server is restarted, how can it automatically pick the correct wallet? (We have created a different directory for each instance, like /u01/app/oracle/admin/wallet/INSTANCE1/ etc.)
3) Do I also have to set $ORACLE_SID/$ORACLE_UNIQUENAME in .bash_profile? If yes, then what value do I have to set, that is, which value do I have to set for all instances?
4) Can anyone explain what the step below means?
Configuring the sqlnet.ora File for a Software Keystore Location
sqlnet.ora file to configure the keystore location for a regular file system, for multiple database access, and for use with Oracle Automatic Storage Management (ASM).
To create a software keystore on a regular file system, use the following format when you edit the
ENCRYPTION_WALLET_LOCATION= (SOURCE= (METHOD=FILE) (METHOD_DATA= (DIRECTORY=path_to_keystore)))
path_to_keystore will contain an environment variable, then set this variable in the environment where the database instance is started and before you start the database. If you are using the
srvctl utility to start the database, then set the environment variable in the
srvctl environment as well, using the following command:
srvctl setenv database -db database_name -env "environment_variable_name=environment_variable_value"
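An added example, not part of the original post or of Oracle's documentation: a shell check that reads the ENCRYPTION_WALLET_LOCATION entry quoted above, substitutes each instance name for $ORACLE_SID, and reports whether the resulting keystore directory exists and is closed to group and other users. The function names and the INSTANCE1 sample value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit per-instance keystore
# directories derived from the ENCRYPTION_WALLET_LOCATION entry in sqlnet.ora.

# Print the DIRECTORY value of ENCRYPTION_WALLET_LOCATION (sqlnet.ora on stdin).
wallet_dir_template() {
    awk '!/^[ \t]*#/ { text = text $0 }      # skip comments, join wrapped lines
         END {
             i = index(text, "ENCRYPTION_WALLET_LOCATION"); if (!i) exit 1
             rest = substr(text, i)
             j = index(rest, "DIRECTORY"); if (!j) exit 1
             rest = substr(rest, j + 9)       # 9 = length of "DIRECTORY"
             sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t]*\).*/, "", rest)
             print rest
         }'
}

# Substitute a SID for $ORACLE_SID in the template and drop trailing slashes.
resolve_wallet_dir() {  # $1 = template, $2 = SID
    case $2 in ''|*[!A-Za-z0-9_]*) return 1 ;; esac   # refuse odd SID values
    printf '%s\n' "$1" | sed -e 's|[$]ORACLE_SID|'"$2"'|g' -e 's|/*$||'
}

# Succeed only if the directory exists and grants nothing to group/other.
check_wallet_dir() {  # $1 = directory
    [ -d "$1" ] || { echo "MISSING $1"; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)        # the six group/other mode bits
    [ "$perms" = "------" ] || { echo "OPEN    $1 (group/other: $perms)"; return 1; }
    echo "OK      $1"
}

# One status line per SID; non-zero if any keystore directory fails the check.
audit_wallets() {  # $1 = sqlnet.ora path, remaining arguments = SIDs
    file=$1; shift; rc=0
    tmpl=$(wallet_dir_template < "$file") || { echo "no keystore entry in $file"; return 2; }
    for sid in "$@"; do
        check_wallet_dir "$(resolve_wallet_dir "$tmpl" "$sid")" || rc=1
    done
    return $rc
}

if [ "$#" -ge 2 ]; then
    audit_wallets "$@"
else
    # No arguments: show how the entry quoted in the post resolves for a
    # constructed SID value.
    SAMPLE='ENCRYPTION_WALLET_LOCATION= (SOURCE= (METHOD=FILE) (METHOD_DATA= (DIRECTORY=/etc/ORACLE/WALLETS/$ORACLE_SID/)))'
    resolve_wallet_dir "$(printf '%s\n' "$SAMPLE" | wallet_dir_template)" INSTANCE1
fi
```

Run it as the Oracle software owner with the sqlnet.ora path followed by the instance names on that node; a MISSING or OPEN line points at a directory to create or tighten before the instance is started.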