Introduction Oracle Autonomous Database provides a fully automated, self-securing database service with a wide range of security features, including: Always-on Transparent Data Encryption (TDE) to secure your data at rest. Automated encrypted backups. SQL*Net encryption for client connections. Oracle-managed and customer-managed encryption keys. Access Control Lists to restrict access to trusted sources only. Database Vault…
Category: Database Security
Creating PDBs in Data Guard Environments while using OCI Vault for TDE Key Management
Introduction Oracle Databases on Oracle Cloud use the Multitenant Architecture and are encrypted with TDE by default. Creating new PDBs in Data Guard environments while using a local wallet for TDE master encryption keys requires some additional steps to copy the wallet file and recover the PDB on standby. We discussed these approaches in previous…
How to use Customer-Managed TDE Encryption Keys on VM DB Systems in Oracle Cloud
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service for VM DB Systems, where you are able…
Having two valid Database User Passwords at the same time???
Introduction Gradual Database Password Rollover for Applications is a new feature that was introduced in Oracle Database 21c. It has now been backported and is also available in 19c with RU 19.12. It enables updating an application user’s password while keeping the old password valid for a specific period of time. During this period, the application…
How to use Customer-Managed TDE Encryption Keys in Oracle Exadata Cloud Service
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service, where you are able to create and…
Blockchain Table in Oracle Database 19.10 and 19.11 – How and what to Consider!
Introduction Oracle Blockchain Table was initially introduced in release version 20c (preview only) and later in 21c, but the feature has been backported and is now available in version 19c as well. Blockchain tables are insert-only tables that provide a highly tamper-resistant persistence option. The rows are chained by storing the previous row’s hash in…
Enable TDE, auto-login wallet, and Secure External Password Store (SEPS)
Introduction In this blog post we walk step by step through how to: Enable Transparent Data Encryption (TDE). Create an encrypted tablespace. Create an auto-login wallet/keystore. Create a Secure External Password Store (SEPS). Clone PDBs from local and remote CDBs and create their master encryption keys. I’ll try to keep it as…
Connect to Oracle (Autonomous) Database using Secure External Password Store (SEPS)
Scripts, batch jobs, and application code need to provide a database username and password to connect to the database. Using wallets reduces risk because such passwords are no longer exposed in plain text, and password management policies are more easily enforced without changing application code whenever user names or passwords change. Connect using the connect…
Security Features in Oracle Autonomous Database
Security is a primary concern for enterprise customers and one of the most discussed topics when it comes to moving to the cloud. The same questions are being raised again and again: Is the cloud secure? Is my data safe there? Does it meet my compliance requirements? Before starting with the technical security features that…