Showing posts with label Oracle Security. Show all posts

Tuesday, August 9, 2016

Data Redaction in Oracle Database 12c

I want to explain a new feature in Oracle 12c that I’ve studied recently. It’s one of the best features that I’ve seen recently in Oracle security.
Data Redaction is a new advanced feature in Oracle 12c that enables the protection of data shown to the user in real time, without requiring changes to the application. Earlier versions also had related features, such as VPD, but this feature is much more structured. You can read about Data Redaction and how to implement it in full on the Oracle web site at the link below.

Thanks in Advance

Wednesday, November 11, 2015

Configure Oracle Transparent Data Encryption (TDE) wallet on the ACFS file system on ASM (RAC 11.2.0.4)

In this post I want to configure TDE on a RAC database.

On Node1 :

1- Configure the ACFS file system

Use the following command as the root user.

[root@test]# $GRID_HOME/bin/acfsload start -s
--------------------------------------------------------------------------------------------------------------------------
2- Connect to asmcmd as the grid user

ASMCMD> volcreate -G FRA -s 10G TDE_WALLET1

ASMCMD> volinfo -G fra TDE_WALLET1
Diskgroup Name: FRA

         Volume Name: TDE_WALLET1
         Volume Device: /dev/asm/tde_wallet1-306
         State: ENABLED
         Size (MB): 10240
         Resize Unit (MB): 32
         Redundancy: UNPROT
         Stripe Columns: 4
         Stripe Width (K): 128
         Usage:
         Mountpath:
--------------------------------------------------------------------------------------------------------------------------
3- Set the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora to the newly created directory:

[oracle@test]$ vi sqlnet.ora

ENCRYPTION_WALLET_LOCATION =
        (SOURCE = (METHOD = FILE)
        (METHOD_DATA = (DIRECTORY =/oracle/admin/orcl/wallet/wallet-testdb )))

--------------------------------------------------------------------------------------------------------------------------
4- Create a file system with the Oracle ACFS mkfs command.

[grid@test]$ /sbin/mkfs -t acfs /dev/asm/tde_wallet1-306
--------------------------------------------------------------------------------------------------------------------------
5- Making the required path

[root@test]# mkdir -pv /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall wallet/
--------------------------------------------------------------------------------------------------------------------------
6- Optionally register the file system with the acfsutil registry command.

[grid@test]$ /sbin/acfsutil registry -a /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------------------------------------------------------------------------
7- Mount the file system with the Oracle ACFS mount command.

[root@test]# cd $GRID_HOME

[root@test]# /bin/mount -t acfs /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb
--------------------------------------------------------------------------------------------------------------------------

8- Initialize the wallet and add the master encryption key using the SQL*Plus command line interface:

SQL> alter system set encryption key identified by "password";
--------------------------------------------------------------------------------------------------------------------------
9- Opening the wallet is a manual operation and must be performed to make the master encryption key available to the database. Optionally, the master key can be copied into an ‘auto-open’ wallet. This can be done either using Oracle Enterprise Manager, Oracle Wallet Manager or the ‘orapki’ utility:


[oracle@test]$ orapki wallet create -wallet /oracle/admin/orcl/wallet/wallet-testdb -auto_login

SQL> alter system set encryption wallet open identified by "password";

SQL> select status from gv$encryption_wallet;
STATUS
-----------
OPEN

--------------------------------------------------------------------------------------------------------------------------
On Node2 :

1- Configure the ACFS file system

Use the following command as the root user.

[root@test]# $GRID_HOME/bin/acfsload start -s

--------------------------------------------------------

2- Set the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora to the newly created directory:

[oracle@test]$ vi sqlnet.ora

ENCRYPTION_WALLET_LOCATION =
        (SOURCE = (METHOD = FILE)
        (METHOD_DATA = (DIRECTORY =/oracle/admin/orcl/wallet/wallet-testdb )))
--------------------------------------------------------

3- Making the required path

[root@test]# mkdir -pv /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall /oracle/admin/orcl/wallet/wallet-testdb
[root@test]# chown -R oracle:oinstall wallet/

--------------------------------------------------------

4- Mount the file system with the Oracle ACFS mount command.

[root@test]# cd $GRID_HOME

[root@test]# /bin/mount -t acfs /dev/asm/tde_wallet1-306 /oracle/admin/orcl/wallet/wallet-testdb

--------------------------------------------------------

5- Initialize the wallet and add the master encryption key using the SQL*Plus command line interface:

SQL> alter system set encryption key identified by "password";

--------------------------------------------------------

6- Opening the wallet is a manual operation and must be performed to make the master encryption key available to the database. Optionally, the master key can be copied into an ‘auto-open’ wallet. This can be done either using Oracle Enterprise Manager, Oracle Wallet Manager or the ‘orapki’ utility:

[oracle@test]$ orapki wallet create -wallet /oracle/admin/orcl/wallet/wallet-testdb -auto_login

SQL> alter system set encryption wallet open identified by "password";

SQL> select status from gv$encryption_wallet;

STATUS
-----------
OPEN
OPEN
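
A per-node check to run once the steps above are complete on both nodes (an added example, not part of the original post): it reads the wallet directory from sqlnet.ora, confirms that the directory is an ACFS mount so both instances share one wallet, and reports wallet files with the wrong owner or with group/other access. The owner name oracle, the no-group/other-access rule and the function names are assumptions of this example; ewallet.p12 and cwallet.sso are the standard Oracle wallet file names.

```shell
#!/usr/bin/env bash
# Added example: per-node checks for the TDE wallet location.
# Assumptions (not from the post): owner "oracle", no group/other access
# on wallet files, and a /proc/mounts-style mount table.

# Print the DIRECTORY value of ENCRYPTION_WALLET_LOCATION from a sqlnet.ora.
wallet_dir_from_sqlnet() {
    grep -v '^[[:space:]]*#' "$1" | tr -d '\n' | sed -n \
        's/.*ENCRYPTION_WALLET_LOCATION.*(DIRECTORY[[:space:]]*=[[:space:]]*\([^[:space:])]*\).*/\1/p'
}

# Succeed only if DIR ($1) is mounted with type acfs in the mount table ($2).
is_acfs_mount() {
    awk -v d="$1" '$2 == d && $3 == "acfs" { ok = 1 } END { exit !ok }' \
        "${2:-/proc/mounts}"
}

# Print one finding per wallet file with a wrong owner or group/other access.
# cwallet.sso (auto-login) opens without a password, so file access is its
# only protection.
wallet_perm_findings() {
    local dir="$1" owner="$2" f
    for f in "$dir"/ewallet.p12 "$dir"/cwallet.sso; do
        [ -e "$f" ] || continue
        ls -ld "$f" | awk -v o="$owner" -v f="$f" '
            $3 != o                      { print "OWNER " f " is " $3 }
            substr($1, 5, 6) != "------" { print "MODE " f " is " substr($1, 1, 10) }'
    done
}

# Run all checks for one node: print findings, return non-zero if any.
audit_wallet() {
    local sqlnet="$1" mounts="${2:-/proc/mounts}" owner="${3:-oracle}" dir out
    dir=$(wallet_dir_from_sqlnet "$sqlnet")
    [ -n "$dir" ] || { echo "NO_WALLET_LOCATION in $sqlnet"; return 1; }
    out=$(
        is_acfs_mount "$dir" "$mounts" || echo "NOT_ACFS $dir"
        wallet_perm_findings "$dir" "$owner"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Call `audit_wallet` with the path of the node's sqlnet.ora on Node1 and on Node2; no output and exit status 0 means every check passed.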