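TDE Setup for Oracle 11g in a Multi-Database Environment
In 19c, the TDE wallet location is configured inside the database, so the granularity is per database and there is no conflict.
In 11g, the location is configured in sqlnet.ora, so conflicts are possible.
First, an important concept: according to the documentation, a wallet cannot be shared between databases.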
If there are multiple Oracle databases installed on the same server (for example, databases sharing the same Oracle binary but using different data files), then each database must access its own Transparent Data Encryption wallet. Wallets are not designed to be shared between databases. By design, there must be one wallet per database. You cannot use the same wallet for more than one database.
The solution is simple: use an environment variable.
Assume one database server hosts two 11g databases: orcl and orcl2.
The contents of sqlnet.ora are:
ENCRYPTION_WALLET_LOCATION=
(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/home/oracle/app/oracle/wallet/$ORACLE_SID)))
Next, create the directories:
mkdir /home/oracle/app/oracle/wallet
mkdir /home/oracle/app/oracle/wallet/orcl
mkdir /home/oracle/app/oracle/wallet/orcl2
Then create the wallet and master key in each database:
-- ORCL
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Easy2rem";
-- ORCL2
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "Easy2rem";
You can then see that the wallet files differ:
$ md5sum /home/oracle/app/oracle/wallet/orcl/ewallet.p12
b417fcbc78e36d00f9fbc9f791dd073c /home/oracle/app/oracle/wallet/orcl/ewallet.p12
$ md5sum /home/oracle/app/oracle/wallet/orcl2/ewallet.p12
4ec6259c904023ace23127f00b8645c9 /home/oracle/app/oracle/wallet/orcl2/ewallet.p12
After that, there is nothing more to say.
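
A way to check this layout before creating any keys, as an added example that is not part of the original post: the script resolves ENCRYPTION_WALLET_LOCATION for each SID and reports when two SIDs would end up in the same wallet directory. The function names and the two sample sqlnet.ora files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that the 11g
# ENCRYPTION_WALLET_LOCATION in sqlnet.ora gives each ORACLE_SID its own wallet.

# Print the wallet DIRECTORY for one SID, expanding $ORACLE_SID as the page's
# sqlnet.ora relies on. Exit status 1 if the parameter is absent.
wallet_dir_for_sid() (
    sqlnet=$1 sid=$2
    # Drop comment lines, then join the (possibly multi-line) entry.
    flat=$(grep -v '^[[:space:]]*#' "$sqlnet" | tr -d ' \t\r\n')
    case $flat in
        *ENCRYPTION_WALLET_LOCATION=*) ;;
        *) exit 1 ;;
    esac
    dir=${flat#*ENCRYPTION_WALLET_LOCATION=}   # text after the parameter name
    dir=${dir#*DIRECTORY=}                      # first DIRECTORY= that follows
    dir=${dir%%\)*}                             # up to its closing parenthesis
    printf '%s\n' "$dir" | sed 's|\$ORACLE_SID|'"$sid"'|g'
)

# Exit 0 if every SID gets a distinct directory, 1 if two SIDs would share a
# wallet (one wallet per database is required), 2 if the parameter is missing.
check_distinct_wallets() (
    sqlnet=$1; shift
    dirs=$(for sid in "$@"; do
               wallet_dir_for_sid "$sqlnet" "$sid" || exit 2
           done) || exit 2
    dup=$(printf '%s\n' "$dirs" | sort | uniq -d)
    [ -z "$dup" ] && exit 0
    echo "shared wallet directory: $dup" >&2
    exit 1
)

# Constructed sample files: the page's per-SID layout and a hard-coded path.
TMP=$(mktemp -d) && trap 'rm -rf "$TMP"' EXIT
GOOD=$TMP/sqlnet.good.ora BAD=$TMP/sqlnet.bad.ora
cat > "$GOOD" <<'EOF'
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/home/oracle/app/oracle/wallet/$ORACLE_SID)))
EOF
cat > "$BAD" <<'EOF'
ENCRYPTION_WALLET_LOCATION=
 (SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/home/oracle/app/oracle/wallet)))
EOF
for f in "$GOOD" "$BAD"; do
    if check_distinct_wallets "$f" orcl orcl2; then echo "OK: $f"; else echo "COLLISION: $f"; fi
done
```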