23ai + DBCA + TDE<\/h1>\n
When running the 23ai on-prem more options are available. The examples below were made using the Free Edition of 23ai, but when the full release of 23ai will be available, the options will be the same.<\/p>\n
<\/p>\n
There are a lot of options for dbca in silent mode at 23ai<\/a>:<\/p>\n The options are linked to the encryption algorithm to be used, the TDE password, the TDE type, and what is desired to be encrypted. The most common to be used will be:<\/p>\n Whatever the wallet type to be used, the first thing is to create the directory where the wallet will be saved. For RAC, this path needs to be shared for all instances of the cluster:<\/p>\n The most used option is the AUTO_LOGIN type, and dbca can be called like this:<\/p>\n Bellow is possible to notice that the wallet was created as requested, and since specified the encryptTablespaces equals ALL, everything is encrypted:<\/p>\n Update 13\/Aug<\/strong>: The information below was updated. Peter Wahl<\/a>, PM from TDE and Oracle Key Vault nicely contacted me to clarify the information.<\/em><\/p>\n The next wallet type is the LOCAL_AUTO_LOGIN wallet, which creates a special TDE wallet that can be used only on the computer that created it (more info in the Security Guide doc<\/a>).<\/p>\n[oracle@exxc05db01-]$ dbca -silent -createDatabase -help\r\n -createDatabase - Command to Create a database.\r\n -responseFile | (-gdbName -templateName)\r\n -responseFile - <Fully qualified path for a response file>\r\n -gdbName <Global database name>\r\n -templateName <Specify an existing template in default location or the complete template path for DB Creation or provide a new template name for template creation>\r\n [-adminManaged | -managementPolicy]\r\n [-adminManaged <Admin managed database, this is default option>]\r\n [-managementPolicy <AUTOMATIC | RANK> Database management Policy, default value is AUTOMATIC]\r\n [-characterSet <Character set for the database>]\r\n [-configureTDE <true | false> Specify true to configure TDE wallet]\r\n [-encryptPDBTablespaces <Specify ALL to encrypt all Tablespaces or A comma separated list of name:value pairs with tablespace encryption to true\/false. For example SYSTEM:true,SYSAUX:false>]\r\n [-encryptTablespaces <Specify ALL to encrypt all Tablespaces or A comma separated list of name:value pairs with tablespace encryption to true\/false. For example SYSTEM:true,SYSAUX:false>]\r\n [-pdbTDEPassword <Specify password for PDB TDE wallet>]\r\n [-primaryDBTdeWallet <Specify the location for TDE wallet of primary database>]\r\n [-sourcePdbTDEPassword <Specify password for source PDB TDE wallet and it is used only in creation of PDB from existing PDB which has TDE wallet>]\r\n [-sourceTdeWalletPassword <Specify password for source database TDE wallet>]\r\n [-tdeAlgorithm <Specify the TDE Algorithm Type.>]\r\n [-tdeWalletLoginType <Specify the TDE Wallet Login Type, PASSWORD | AUTO_LOGIN | LOCAL_AUTO_LOGIN. Default is PASSWORD for SI and AUTO_LOGIN is default for RAC]\r\n [-tdeWalletModeForPDB <Type of keystore, either UNITED or ISOLATED. Default is UNITED>]\r\n [-tdeWalletPassword <Specify password for TDE wallet>]\r\n [-tdeWalletPathInTarFile <value>]\r\n [-tdeWalletRoot <Specify the location for TDE wallet root init parameter>]\r\n [-createListener <Create a new listener to register your database. Specify in format, LISTENER_NAME:PORT>]\r\n\u2026\r\n\u2026<\/pre>\n
\n
[oracle@o23fdc21 ~]$ mkdir \/opt\/oracle\/admin\/FREE\/wallet -p\r\n[oracle@o23fdc21 ~]$<\/pre>\n
AUTO_LOGIN<\/h2>\n
[oracle@o23fdc21 ~]$ dbca -silent -createDatabase -templateName FREE_Database.dbc -gdbName FREE -adminManaged -sid FREE -sysPassword oracle23ai -systemPassword oracle23ai -createAsContainerDatabase TRUE -useLocalUndoForPDBs TRUE -characterSet AL32UTF8 -emConfiguration NONE -storageType FS -datafileDestination \/opt\/oracle\/oradata\/ -databaseConfigType SINGLE -configureTDE TRUE -tdeWalletRoot \/opt\/oracle\/admin\/FREE\/wallet -tdeWalletLoginType AUTO_LOGIN -TdeWalletPassword 'fdertyhj4567890h32aghte2457AAABB' -encryptPDBTablespaces ALL -encryptTablespaces ALL\r\n[WARNING] [DBT-06208] The 'SYS' password entered does not conform to the Oracle recommended standards.\r\n CAUSE:\r\na. Oracle recommends that the password entered should be at least 8 characters in length, contain at least 1 uppercase character, 1 lower case character and 1 digit [0-9].\r\nb.The password entered is a keyword that Oracle does not recommend to be used as password\r\n ACTION: Specify a strong password. If required refer Oracle documentation for guidelines.\r\n[WARNING] [DBT-06208] The 'SYSTEM' password entered does not conform to the Oracle recommended standards.\r\n CAUSE:\r\na. Oracle recommends that the password entered should be at least 8 characters in length, contain at least 1 uppercase character, 1 lower case character and 1 digit [0-9].\r\nb.The password entered is a keyword that Oracle does not recommend to be used as password\r\n ACTION: Specify a strong password. If required refer Oracle documentation for guidelines.\r\nPrepare for db operation\r\n10% complete\r\nCopying database files\r\n12% complete\r\n40% complete\r\nCreating and starting Oracle instance\r\n42% complete\r\n46% complete\r\n47% complete\r\n51% complete\r\n55% complete\r\n60% complete\r\nCompleting Database Creation\r\n66% complete\r\n69% complete\r\n70% complete\r\nExecuting Post Configuration Actions\r\n100% complete\r\nDatabase creation complete. For details check the logfiles at:\r\n \/opt\/oracle\/cfgtoollogs\/dbca\/FREE.\r\nDatabase Information:\r\nGlobal Database Name:FREE\r\nSystem Identifier(SID):FREE\r\nLook at the log file \"\/opt\/oracle\/cfgtoollogs\/dbca\/FREE\/FREE0.log\" for further details.\r\n[oracle@o23fdc21 ~]$<\/pre>\n
[oracle@o23fdc21 ~]$ sqlplus \/ as sysdba\r\n\r\nSQL*Plus: Release 23.0.0.0.0 - Production on Sun Jul 14 19:42:28 2024\r\nVersion 23.4.0.24.05\r\n\r\nCopyright (c) 1982, 2024, Oracle. All rights reserved.\r\n\r\n\r\nConnected to:\r\nOracle Database 23ai Free Release 23.0.0.0.0 - Develop, Learn, and Run for Free\r\nVersion 23.4.0.24.05\r\n\r\nSQL> set linesize 255\r\nSQL> select TABLESPACE_NAME, ENCRYPTED, con_id from cdb_tablespaces order by con_id, TABLESPACE_NAME;\r\n\r\nTABLESPACE_NAME ENC CON_ID\r\n------------------------------ --- ----------\r\nSYSAUX YES 1\r\nSYSTEM YES 1\r\nTEMP YES 1\r\nUNDOTBS1 YES 1\r\nUSERS YES 1\r\n\r\nSQL> exit\r\nDisconnected from Oracle Database 23ai Free Release 23.0.0.0.0 - Develop, Learn, and Run for Free\r\nVersion 23.4.0.24.05\r\n[oracle@o23fdc21 ~]$<\/pre>\n
LOCAL_AUTO_LOGIN<\/h2>\n
![\"\"](\"https:\/\/www.fernandosimon.com\/blog\/wp-content\/uploads\/2021\/08\/red-checklist.jpg\")
<\/a><\/p>\n