Re: Transparent Data Encryption

  • From: David Mann <dmann99@xxxxxxxxx>
  • To: "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 12 Mar 2015 10:50:22 -0400

Thanks Jeremy for your insights and Charles for your questions.

I'm moving forward with working TDE support into an 11gR2 project as well.

Implementation and care and feeding of the wallets when creating, cloning,
etc. has been going OK. I haven't found enough people that use it in order
to discuss long-term handling of the wallets with.

As we only have a handful of databases (<5% of enterprise) which will be
using TDE, we can't justify the expense of Key Vault or other 3rd party
products. I want to protect the wallets at a local and remote site but my
challenge is getting the DB ops teams to make sure when they get a ticket
that they know they are operating on a TDE encrypted database and they
should back up the wallet at key times (after creation, before/after
password changes, etc.).

I had a dream about a shell script which would return TDE status of a
database and offer to make a backup of the wallet to a secure area. Without
Key Vault, are folks just doing these steps manually or is there a good
basic level of automation I should be striving for?

-Dave

-- 
Dave Mann
General Geekery | www.brainio.us
Database Geekery | www.ba6.us | @ba6dotus | http://www.ba6.us/rss.xml
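
A sketch of the status-and-backup script the message above asks about, added here as an example and not taken from the post or from Oracle. It assumes OS-authenticated sqlplus on the database host and a file-based wallet; the function names and the backup root are hypothetical.

```shell
#!/bin/sh
# Added example, not from the post. Assumptions: OS-authenticated sqlplus on the
# database host, a file-based wallet, and the hypothetical function names below.

# Print one line: WRL_PARAMETER|STATUS|ENCRYPTED_TABLESPACES|ENCRYPTED_COLUMNS
tde_query() {
  sqlplus -s "/ as sysdba" <<'SQL'
whenever sqlerror exit failure
set heading off feedback off pagesize 0 linesize 500
select w.wrl_parameter || '|' || w.status || '|' ||
       (select count(*) from dba_tablespaces where encrypted = 'YES') || '|' ||
       (select count(*) from dba_encrypted_columns)
  from v$encryption_wallet w where lower(w.wrl_type) = 'file';
SQL
}

# Succeed when the row from tde_query shows any encrypted tablespace or column.
tde_in_use() {
  ts=$(printf '%s\n' "$1" | cut -d'|' -f3)
  cols=$(printf '%s\n' "$1" | cut -d'|' -f4)
  [ "${ts:-0}" -gt 0 ] || [ "${cols:-0}" -gt 0 ]
}

# Copy ewallet.p12 to <backup root>/<timestamp>/ with owner-only permissions and
# verify the copy. cwallet.sso is skipped on purpose: it opens without a password
# and can be regenerated from ewallet.p12. Prints the backup directory.
wallet_backup() {  # $1 = wallet directory, $2 = backup root
  src=$1; dest=$2/$(date +%Y%m%dT%H%M%S)
  [ -f "$src/ewallet.p12" ] || { echo "no ewallet.p12 in $src" >&2; return 1; }
  ( umask 077
    mkdir -p "$dest" &&
    cp "$src/ewallet.p12" "$dest/ewallet.p12" &&
    cmp -s "$src/ewallet.p12" "$dest/ewallet.p12" &&
    chmod 400 "$dest/ewallet.p12" ) || return 1
  echo "$dest"
}

# Report status, then back up the wallet only if the database actually uses TDE.
tde_check_and_backup() {  # $1 = backup root
  row=$(tde_query) || { echo "cannot query instance" >&2; return 2; }
  wallet_dir=$(printf '%s\n' "$row" | cut -d'|' -f1)
  status=$(printf '%s\n' "$row" | cut -d'|' -f2)
  if tde_in_use "$row"; then
    echo "TDE in use; wallet $wallet_dir is $status"
    wallet_backup "$wallet_dir" "$1"
  else
    echo "no encrypted tablespaces or columns found; nothing to back up"
  fi
}
```

Calling `tde_check_and_backup` with a backup root on separate storage from the database backups keeps the wallet and the encrypted data apart.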
