Introduction Oracle Autonomous Database provides a fully automated, self-securing database service with a wide range of security features, including: Always-on Transparent Data Encryption (TDE) to secure your data at rest. Automated encrypted backups. SQL*Net encryption for client connections. Oracle-managed and customer-managed encryption keys. Access Control Lists to restrict access to trusted sources only. Database Vault…
Introduction Oracle Databases on Oracle Cloud use the Multitenant Architecture and are encrypted with TDE by default. Creating new PDBs in Data Guard environments while using a local wallet for TDE master encryption keys requires some additional steps to copy the wallet file and recover the PDB on standby. We discussed these approaches in previous…
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service for VM DB Systems, where you are able…
Introduction Gradual Database Password Rollover for Applications is a new feature that was introduced in Oracle Database 21c. Now, it is backported and also available in 19c with RU 19.12. It enables to update an application user’s password while keeping the old password valid for a specific period of time. During this period, the application…
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service, where you are able to create and…
Introduction Oracle Blockchain Table was initially introduced in release version 20c (preview only) and later in 21c, but the feature has been backported and is now available in version 19c as well. Blockchain tables are insert-only tables that provide a highly tamper-resistant persistence option. The rows are chained by storing the previous row’s hash in…
Introduction In this blog post we are going to have a step by step instruction to Enable Transparent Data Encryption (TDE). Create an encrypted tablespace. Create an auto-login wallet/keystore. Create a Secure External Password Store (SEPS). Clone PDBs from local and remote CDBs and create their master encryption keys. I’ll try to keep it as…
Scripts, batch jobs, and application code need to provide a database username and password to connect to the database. Using wallets risk is reduced because such passwords are no longer exposed in plain text, and password management policies are more easily enforced without changing application code whenever user names or passwords change. Connect using the connect…
Security is a primary concern for enterprise customers and one of the most discussed topics when it comes to move to the cloud. The same questions are being raised again and again: Is the cloud secure? Is my data safe their? Does it meet my compliance requirements? Before starting with the technical security features that…
Database Heartbeat 