{"id":11378,"date":"2018-06-29T14:45:34","date_gmt":"2018-06-29T12:45:34","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/"},"modified":"2023-06-09T16:59:08","modified_gmt":"2023-06-09T14:59:08","slug":"dataguard-and-transparent-data-encryption","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/","title":{"rendered":"DataGuard and Transparent Data Encryption"},"content":{"rendered":"<p><strong>By Mouhamadou Diaw<\/strong><\/p>\n<p>Setting up a DatagGard environment for a database with Transparent Data Encryption requires some tasks concerning the encryption keys. Otherwise the steps are the same than for an environment without TDE.<br \/>\nIn this blog we will present the tasks we have to do on both primary and standby servers for the keys. We will not describe the procedure to build the standby database. We will just talk about tasks for the wallet and we will verify that data for encrypted tables are being replicated.<br \/>\nWe are using oracle 12.2 and a non-container database.<br \/>\n<strong>Tasks on primary side<\/strong><br \/>\nFirst on the primary server we have to configure the keystore location. This will be done by updating the sqlnet.ora with the directory whch will contain the keys.<\/p>\n<div>\n<div id=\"highlighter_468503\" class=\"syntaxhighlighter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">[oracle@primaserver ~]$<\/code><code class=\"bash functions\">mkdir<\/code> <code class=\"bash plain\">\/u01\/app\/wallet<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">[oracle@primaserver admin]$ <\/code><code class=\"bash functions\">cat<\/code> <code class=\"bash plain\">sqlnet.ora<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"bash comments\"># sqlnet.ora Network Configuration File: \/u01\/app\/oracle\/product\/12.2.0\/dbhome_1\/network\/admin\/sqlnet.ora<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"bash comments\"># Generated by Oracle configuration tools.<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"bash plain\">NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"bash comments\"># For TDE<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"bash plain\">ENCRYPTION_WALLET_LOCATION=<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"bash spaces\">\u00a0<\/code><code class=\"bash plain\">(SOURCE=<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"bash spaces\">\u00a0\u00a0<\/code><code class=\"bash plain\">(METHOD=<\/code><code class=\"bash functions\">file<\/code><code class=\"bash plain\">)<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"bash spaces\">\u00a0\u00a0\u00a0<\/code><code class=\"bash plain\">(METHOD_DATA=<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"bash spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"bash plain\">(DIRECTORY=<\/code><code class=\"bash plain\">\/u01\/app\/wallet<\/code><code class=\"bash plain\">)))<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"bash plain\">[oracle@primaserver admin]$<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>After on the primary we have to create the keystore.<\/p>\n<div>\n<div id=\"highlighter_844007\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; ADMINISTER <\/code><code class=\"sql keyword\">KEY<\/code> <code class=\"sql plain\">MANAGEMENT <\/code><code class=\"sql keyword\">CREATE<\/code> <code class=\"sql plain\">KEYSTORE <\/code><code class=\"sql string\">'\/u01\/app\/wallet'<\/code> <code class=\"sql plain\">identified <\/code><code class=\"sql keyword\">by<\/code> <code class=\"sql plain\">root ;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">keystore altered.<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Next we have to open the keystore before creating the master key<\/p>\n<div>\n<div id=\"highlighter_498243\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; ADMINISTER <\/code><code class=\"sql keyword\">KEY<\/code> <code class=\"sql plain\">MANAGEMENT <\/code><code class=\"sql keyword\">set<\/code> <code class=\"sql plain\">KEYSTORE <\/code><code class=\"sql keyword\">open<\/code>\u00a0\u00a0 <code class=\"sql plain\">identified <\/code><code class=\"sql keyword\">by<\/code> <code class=\"sql plain\">root ;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">keystore altered.<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>And then we can create the master key.<\/p>\n<div>\n<div id=\"highlighter_67285\" class=\"syntaxhighlighter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">SQL&gt; ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY root WITH BACKUP;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">keystore altered.<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>The wallet should be open before we can access to encrypted objects. So every time the database starts up, we have to manually open the wallet. To avoid this we can just create an auto_login wallet which will automatically opened at each database startup.<\/p>\n<div>\n<div id=\"highlighter_956020\" class=\"syntaxhighlighter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">SQL&gt; ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE <\/code><code class=\"bash string\">'\/u01\/app\/wallet'<\/code> <code class=\"bash plain\">identified by root;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">keystore altered.<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p><strong>Tasks on standby side<\/strong><br \/>\nOn the standby side we just have to copy files in the wallet and to update the sqlnet.ora file.<\/p>\n<div>\n<div id=\"highlighter_185681\" class=\"syntaxhighlighter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">[oracle@primaserver wallet]$ <\/code><code class=\"bash functions\">pwd<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"bash plain\">\/u01\/app\/wallet<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">[oracle@primaserver wallet]$ <\/code><code class=\"bash functions\">ls<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"bash plain\">cwallet.sso\u00a0 ewallet_2018062707462646.p12\u00a0 ewallet.p12<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"bash plain\">[oracle@primaserver wallet]$ <\/code><code class=\"bash functions\">scp<\/code> <code class=\"bash plain\">* standserver1:$PWD<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"bash plain\">oracle@standserver1's password:<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"bash plain\">cwallet.sso\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 100% 3891\u00a0\u00a0\u00a0\u00a0 3.8KB<\/code><code class=\"bash plain\">\/s<\/code>\u00a0\u00a0 <code class=\"bash plain\">00:00<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"bash plain\">ewallet_2018062707462646.p12\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 100% 2400\u00a0\u00a0\u00a0\u00a0 2.3KB<\/code><code class=\"bash plain\">\/s<\/code>\u00a0\u00a0 <code class=\"bash plain\">00:00<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"bash plain\">ewallet.p12\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>And that\u2019s all. We can now configure our standby database. Below our configuration<\/p>\n<div>\n<div id=\"highlighter_860841\" class=\"syntaxhighlighter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">DGMGRL&gt; show configuration;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">Configuration - DGTDE<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"bash spaces\">\u00a0\u00a0<\/code><code class=\"bash plain\">Protection Mode: MaxPerformance<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"bash spaces\">\u00a0\u00a0<\/code><code class=\"bash plain\">Members:<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"bash spaces\">\u00a0\u00a0<\/code><code class=\"bash plain\">DGTDE_SITE1 - Primary database<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"bash spaces\">\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"bash plain\">DGTDE_SITE2 - Physical standby database<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"bash plain\">Fast-Start Failover: DISABLED<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"bash plain\">Configuration Status:<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"bash plain\">SUCCESS\u00a0\u00a0 (status updated 1 second ago)<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"bash plain\">DGMGRL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>Now let\u2019s verify that encrypted data are being replicated. We have a table with an encrypted column<\/p>\n<div>\n<div id=\"highlighter_652262\" class=\"syntaxhighlighter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">SQL&gt; show user<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"bash plain\">USER is <\/code><code class=\"bash string\">\"SCOTT\"<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">SQL&gt; desc TEST_COL_ENC<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"bash spaces\">\u00a0<\/code><code class=\"bash plain\">Name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Null?\u00a0\u00a0\u00a0 Type<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"bash spaces\">\u00a0<\/code><code class=\"bash plain\">----------------------------------------- -------- ----------------------------<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"bash spaces\">\u00a0<\/code><code class=\"bash plain\">ID\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 NUMBER<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"bash spaces\">\u00a0<\/code><code class=\"bash plain\">DESIGNATION\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 VARCHAR2(30) ENCRYPT<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"bash plain\">SQL&gt; <\/code><code class=\"bash functions\">select<\/code> <code class=\"bash plain\">* from TEST_COL_ENC;<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"bash spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"bash plain\">ID DESIGNATION<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"bash plain\">---------- ------------------------------<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"bash spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"bash plain\">1 toto<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"bash spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"bash plain\">2 tito<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"bash spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"bash plain\">3 tata<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"bash plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>And let\u2019s insert some data form the primary<\/p>\n<div>\n<div id=\"highlighter_470721\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">insert<\/code> <code class=\"sql keyword\">into<\/code> <code class=\"sql plain\">TEST_COL_ENC <\/code><code class=\"sql keyword\">values<\/code> <code class=\"sql plain\">(4,<\/code><code class=\"sql string\">'titi'<\/code><code class=\"sql plain\">);<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">1 row created.<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">insert<\/code> <code class=\"sql keyword\">into<\/code> <code class=\"sql plain\">TEST_COL_ENC <\/code><code class=\"sql keyword\">values<\/code> <code class=\"sql plain\">(5,<\/code><code class=\"sql string\">'teti'<\/code><code class=\"sql plain\">);<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"sql plain\">1 row created.<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">commit<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"sql keyword\">Commit<\/code> <code class=\"sql plain\">complete.<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>From the standby let\u2019s query the table<\/p>\n<div>\n<div id=\"highlighter_483632\" class=\"syntaxhighlighter  sql\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"gutter\">\n<div class=\"line number1 index0 alt2\">1<\/div>\n<div class=\"line number2 index1 alt1\">2<\/div>\n<div class=\"line number3 index2 alt2\">3<\/div>\n<div class=\"line number4 index3 alt1\">4<\/div>\n<div class=\"line number5 index4 alt2\">5<\/div>\n<div class=\"line number6 index5 alt1\">6<\/div>\n<div class=\"line number7 index6 alt2\">7<\/div>\n<div class=\"line number8 index7 alt1\">8<\/div>\n<div class=\"line number9 index8 alt2\">9<\/div>\n<div class=\"line number10 index9 alt1\">10<\/div>\n<div class=\"line number11 index10 alt2\">11<\/div>\n<div class=\"line number12 index11 alt1\">12<\/div>\n<div class=\"line number13 index12 alt2\">13<\/div>\n<div class=\"line number14 index13 alt1\">14<\/div>\n<div class=\"line number15 index14 alt2\">15<\/div>\n<div class=\"line number16 index15 alt1\">16<\/div>\n<div class=\"line number17 index16 alt2\">17<\/div>\n<\/td>\n<td class=\"code\">\n<div class=\"container\">\n<div class=\"line number1 index0 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">select<\/code> <code class=\"sql plain\">db_unique_name,open_mode <\/code><code class=\"sql keyword\">from<\/code> <code class=\"sql plain\">v$<\/code><code class=\"sql keyword\">database<\/code><code class=\"sql plain\">;<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"sql plain\">DB_UNIQUE_NAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPEN_MODE<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"sql comments\">------------------------------ --------------------<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"sql plain\">DGTDE_SITE2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/code><code class=\"sql keyword\">READ<\/code> <code class=\"sql keyword\">ONLY<\/code> <code class=\"sql keyword\">WITH<\/code> <code class=\"sql plain\">APPLY<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"sql plain\">SQL&gt; <\/code><code class=\"sql keyword\">select<\/code> <code class=\"sql plain\">* <\/code><code class=\"sql keyword\">from<\/code> <code class=\"sql plain\">scott.TEST_COL_ENC;<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">ID DESIGNATION<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"sql comments\">---------- ------------------------------<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">4 titi<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">5 teti<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">1 toto<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">2 tito<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><code class=\"sql spaces\">\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/code><code class=\"sql plain\">3 tata<\/code><\/div>\n<div class=\"line number16 index15 alt1\"><\/div>\n<div class=\"line number17 index16 alt2\"><code class=\"sql plain\">SQL&gt;<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<p>To finish we will remind following notes about DataGuard and TDE (Oracle Documentation)<\/p>\n<p>The database encryption wallet on a physical standby database must be replaced with a fresh copy of the database encryption wallet from the primary database whenever the TDE master encryption key is reset on the primary database.<\/p>\n<p>For online tablespaces and databases, as of Oracle Database 12c Release 2 (12.2.0.1), you can encrypt, decrypt, and re-key both new and existing tablespaces, and existing databases within an Oracle Data Guard environment. This tasks will be automatically performed on the standby once done on the primary. Note that these online tasks cannot be done directly on the standby side.<\/p>\n<p>In an offline conversion, the encryption or decryption must be performed manually on both the primary and standby. An offline conversion affects the data files on the particular primary or standby database only. Both the primary and physical standby should be kept at the same state. You can minimize downtime by encrypting (or decrypting) the tablespaces on the standby first, switching over to the primary, and then encrypting (or decrypting) the tablespaces on the primary.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Mouhamadou Diaw Setting up a DatagGard environment for a database with Transparent Data Encryption requires some tasks concerning the encryption keys. Otherwise the steps are the same than for an environment without TDE. In this blog we will present the tasks we have to do on both primary and standby servers for the keys. [&hellip;]<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229,198,59],"tags":[999,96,448,449],"type_dbi":[],"class_list":["post-11378","post","type-post","status-publish","format-standard","hentry","category-database-administration-monitoring","category-database-management","category-oracle","tag-dataguard","tag-oracle","tag-tde","tag-transparent-data-encryption"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>DataGuard and Transparent Data Encryption - dbi Blog<\/title>\n<meta name=\"description\" content=\"Transparent data encryption, TDE,Oracle,DataGuard\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DataGuard and Transparent Data Encryption\" \/>\n<meta property=\"og:description\" content=\"Transparent data encryption, TDE,Oracle,DataGuard\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-29T12:45:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-09T14:59:08+00:00\" \/>\n<meta name=\"author\" content=\"Oracle Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oracle Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/\"},\"author\":{\"name\":\"Oracle Team\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"headline\":\"DataGuard and Transparent Data Encryption\",\"datePublished\":\"2018-06-29T12:45:34+00:00\",\"dateModified\":\"2023-06-09T14:59:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/\"},\"wordCount\":464,\"commentCount\":1,\"keywords\":[\"DataGuard\",\"Oracle\",\"TDE\",\"Transparent data encryption\"],\"articleSection\":[\"Database Administration &amp; Monitoring\",\"Database management\",\"Oracle\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/\",\"name\":\"DataGuard and Transparent Data Encryption - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"datePublished\":\"2018-06-29T12:45:34+00:00\",\"dateModified\":\"2023-06-09T14:59:08+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\"},\"description\":\"Transparent data encryption, TDE,Oracle,DataGuard\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DataGuard and Transparent Data Encryption\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee\",\"name\":\"Oracle Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"caption\":\"Oracle Team\"},\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"DataGuard and Transparent Data Encryption - dbi Blog","description":"Transparent data encryption, TDE,Oracle,DataGuard","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/","og_locale":"en_US","og_type":"article","og_title":"DataGuard and Transparent Data Encryption","og_description":"Transparent data encryption, TDE,Oracle,DataGuard","og_url":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/","og_site_name":"dbi Blog","article_published_time":"2018-06-29T12:45:34+00:00","article_modified_time":"2023-06-09T14:59:08+00:00","author":"Oracle Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oracle Team","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/"},"author":{"name":"Oracle Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"headline":"DataGuard and Transparent Data Encryption","datePublished":"2018-06-29T12:45:34+00:00","dateModified":"2023-06-09T14:59:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/"},"wordCount":464,"commentCount":1,"keywords":["DataGuard","Oracle","TDE","Transparent data encryption"],"articleSection":["Database Administration &amp; Monitoring","Database management","Oracle"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/","url":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/","name":"DataGuard and Transparent Data Encryption - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2018-06-29T12:45:34+00:00","dateModified":"2023-06-09T14:59:08+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"description":"Transparent data encryption, TDE,Oracle,DataGuard","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/dataguard-and-transparent-data-encryption\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"DataGuard and Transparent Data Encryption"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee","name":"Oracle Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","caption":"Oracle Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/11378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=11378"}],"version-history":[{"count":1,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/11378\/revisions"}],"predecessor-version":[{"id":25772,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/11378\/revisions\/25772"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=11378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=11378"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=11378"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=11378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}