1. What is TDE?
Briefly speaking, TDE (Transparent Data Encryption) is an Oracle Database feature used to encrypt data.
2. The benefits:
The points below are taken from the official Oracle documentation:
- As a security administrator, you can be sure that sensitive data is encrypted and therefore safe in the event that the storage media or data file is stolen.
- Using TDE helps you address security-related regulatory compliance issues.
- You do not need to create auxiliary tables, triggers, or views to decrypt data for the authorized user or application. Data from tables is transparently decrypted for the database user and application. An application that processes sensitive data can use TDE to provide strong data encryption with little or no change to the application.
- Data is transparently decrypted for database users and applications that access this data. Database users and applications do not need to be aware that the data they are accessing is stored in encrypted form.
- You can encrypt data with zero downtime on production systems by using online table redefinition or you can encrypt it offline during maintenance periods. (See Oracle Database Administrator's Guide for more information about online table redefinition.)
- You do not need to modify your applications to handle the encrypted data. The database manages the data encryption and decryption.
- Oracle Database automates TDE master encryption key and keystore management operations. The user or application does not need to manage TDE master encryption keys.
3. Operation steps (from actual experience):
a) Create the wallet directory at $ORACLE_HOME/admin/{dbinstance}/wallet (the default wallet location when none is configured).
b) Create a key and open the wallet.
Alter system set encryption key identified by '{KeyPass}';
c) Open the wallet. This is needed again after every database restart, since a non-auto-login wallet is closed when the instance shuts down and encrypted tablespaces are unreadable until it is reopened.
Alter system set encryption wallet open identified by '{KeyPass}';
d) Check the status of the wallet and key (STATUS should be OPEN).
select * from v$encryption_wallet;
e) Create an encrypted tablespace to store the encrypted data.
create tablespace idaas datafile
'***.dbf'
SIZE 2G AUTOEXTEND ON NEXT 100M ENCRYPTION DEFAULT STORAGE(ENCRYPT);
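As an added example (not part of the original post), a verification script that goes beyond step d): it checks the wallet status, lists which tablespaces are encrypted and with which algorithm, and finds application tables that still sit outside an encrypted tablespace. It assumes the tablespace name idaas from step e) and a user with SELECT on the V$ and DBA views.

```sql
-- Added verification script, not from the original post.
-- Assumes the wallet from steps a)-c) and the tablespace idaas from step e).

-- 1) Wallet status: STATUS must be OPEN. After a restart it is typically
--    CLOSED, and reads from idaas then fail with ORA-28365 (wallet is not open).
SELECT wrl_type, wrl_parameter, status
  FROM v$encryption_wallet;

-- 2) Which tablespaces are encrypted and with which algorithm
--    (V$ENCRYPTED_TABLESPACES only lists encrypted ones).
SELECT t.name AS tablespace_name, e.encryptionalg, e.encryptedts
  FROM v$encrypted_tablespaces e
  JOIN v$tablespace t ON t.ts# = e.ts#;

-- 3) Confirm idaas is flagged ENCRYPTED = 'YES' in the DBA view,
--    and see every permanent tablespace that is still unencrypted.
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE contents = 'PERMANENT'
 ORDER BY encrypted, tablespace_name;

-- 4) TDE protects only what lives in an encrypted tablespace: list every
--    application table or partition stored in an UNencrypted tablespace.
SELECT s.owner, s.segment_name, s.segment_type, s.tablespace_name
  FROM dba_segments s
 WHERE s.segment_type IN ('TABLE', 'TABLE PARTITION')
   AND s.owner NOT IN ('SYS', 'SYSTEM')
   AND s.tablespace_name NOT IN (SELECT tablespace_name
                                   FROM dba_tablespaces
                                  WHERE encrypted = 'YES')
 ORDER BY s.owner, s.segment_name;
```

Any sensitive table that appears in query 4 should be moved into idaas (for example with ALTER TABLE ... MOVE TABLESPACE idaas, or online redefinition as the Oracle notes above mention).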