Create the keystore

This section describes how to do the following:

To create the software keystore:

  1. Set the WALLET_ROOT parameter, which specifies the top-level directory for all types of keystores. For TDE, the directory for automated discovery is WALLET_ROOT/tde.

  1. Set the TDE_CONFIGURATION parameter, which specifies the type of keystore (software keystore or Oracle Key Vault). In this example, we will set it to FILE.

Example:

su - oracle

mkdir /u01/app/oracle/admin/ora19c/encryption_wallet/

sqlplus / as sysdba

alter system set wallet_root='/u01/app/oracle/admin/ora19c/encryption_wallet/' scope=spfile;

shut immediate

startup

alter pluggable database all open;

alter system set tde_configuration="keystore_configuration=file";

  1. Verify that the settings were stored. 

show parameter wallet_root

show parameter tde_configuration

  1. Create a password-protected software keystore.

administer key management create keystore identified by SuperSecretPass;

-- check the keystore status

set pages 300

set lines 300

col WRL_PARAMETER for a55

select * from v$ENCRYPTION_WALLET;

The result should show a Status of Closed and a Wallet_Type of Unknown.

  1. Open the keystore and check again.

administer key management set keystore open identified by SuperSecretPass container=all;

select * from v$ENCRYPTION_WALLET;
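
The directory created with mkdir at the start of the procedure holds the keystore, so it is worth confirming that only the oracle OS account can reach it. The check below is an added example, not part of the original page; it assumes Linux with GNU find, and the function name audit_wallet_root is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Assumes Linux with GNU find; audit_wallet_root is a hypothetical helper name.
# Run it as the OS user that owns the database software (oracle on this page).

# audit_wallet_root DIR
# Returns 0 when DIR and everything below it belongs to the invoking user and
# carries no group/other permission bits; otherwise prints what it found.
audit_wallet_root() {
    # Drop a trailing slash so the symlink test looks at the path itself.
    root=${1%/}
    rc=0

    if [ -L "$root" ] || [ ! -d "$root" ]; then
        echo "FAIL: $root is not a real directory"
        return 2
    fi

    # Anything group or others can read, write or traverse.
    loose=$(find "$root" -perm /077)
    if [ -n "$loose" ]; then
        echo "FAIL: group/other access on:"
        echo "$loose"
        rc=1
    fi

    # Anything owned by a different account than the one running the check.
    foreign=$(find "$root" ! -uid "$(id -u)")
    if [ -n "$foreign" ]; then
        echo "FAIL: unexpected owner on:"
        echo "$foreign"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $root is private to uid $(id -u)"
    fi
    return "$rc"
}

# Usage with the directory from this page:
# audit_wallet_root /u01/app/oracle/admin/ora19c/encryption_wallet/
```

Run it again after the keystore has been created so the files under WALLET_ROOT/tde are covered as well; a non-zero exit status means at least one entry needs chmod or chown.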