Transparent Data Encryption (TDE) in 12c and RTFM Carefully

I keep thinking I’m moving forward with this Oracle database 12c stuff, but around every corner there is another surprise. A few days ago I was setting up a demo for Transparent Data Encryption (TDE) in 12c using my existing articles (10g, 11g). That’s when I noticed things had changed, so I had to use an 11g instance for the demo and make a note to revisit TDE for 12c…

On revisiting the subject, I saw that the encryption key management has changed in 12c. What’s more, if you are using the multitenant option it is a bit different again. That resulted in this article.

While I was working through this I was getting some freaky results, which were driving me mad. Whilst trying to figure that out, I noticed I had two PDBs of the same name under a single listener. I had created two test instances (cdb1 and cdb2), each with a PDB called “pdb1”. There is a sentence in the docs to say this is not a good idea, which resulted in this little article.

So it turns out that TDE works fine, provided you are not an idiot. 🙂

The moral of the story is RTFM carefully, because sometimes a single sentence can make all the difference!



Tablespace Encryption in 11g…

I spent yesterday looking at the Tablespace Encryption feature in Oracle 11g. If you’ve used the Transparent Data Encryption (TDE) feature in 10g release 2, you’ll see this is more of the same. The difference here is everything in the tablespace is encrypted, rather than having to decide on a column-by-column basis. Just create the appropriate tablespace and Bob’s your uncle!

You may notice the article conveniently side-steps the Hardware Security Modules related functionality. I don’t have one so I can’t test it out. 🙂

For most of the stuff I work on, encrypting all the columns in a table is overkill, but I guess there are some areas where this is a big priority. It’s good to know it’s there in case you ever need it. 🙂