What is TDE?
TDE stands for “transparent data encryption”. TDE is part of the Oracle Advanced Security Option for Enterprise Edition. Data at rest is encrypted, and ONLY authorized users who have the access control privilege will read decrypted data. So, TDE protects your data against direct access to the database host server or to backup media that has copies of your data files.
TDE Master Key encryption can be managed through Oracle Wallet Manager.
Example of column data encryption:
The following table will be created with the column “salary_information” encrypted:
SQL> create table EMPLOYEE.EMPLOYEE_INFORMATION(first_name varchar2(20), last_name varchar2(30), EMPLOYEE_ID char(18), salary_information number(10,2) ENCRYPT using 'AES256' NO SALT);
For Tablespace Encryption:
- You cannot encrypt an existing tablespace.
- You can use the “Data Pump” method OR “alter table move” to move data to a newly created encrypted tablespace.
Example of creating an encrypted tablespace:
CREATE TABLESPACE tablespace_new
DATAFILE '/app/oracle/oradata/tablespace2.ORA' SIZE 200M
ENCRYPTION USING 'AES256' DEFAULT STORAGE (ENCRYPT);
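The “alter table move” route described above, with the checks that should go around it, as an added example that is not part of the original page. It reuses the table and tablespace names from the statements above; the index name employee_information_ix is hypothetical, and the session is assumed to have an open wallet and read access to the DBA_* and V$ views.

```sql
-- Added example. Table and tablespace names come from the page;
-- employee_information_ix is a hypothetical index name.

-- 1. Before moving anything, confirm the target tablespace is encrypted
--    and check which algorithm it actually uses.
SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  tablespace_name = 'TABLESPACE_NEW';

SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON e.ts# = t.ts#
WHERE  t.name = 'TABLESPACE_NEW';

-- 2. Relocate the table segment into the encrypted tablespace.
ALTER TABLE employee.employee_information MOVE TABLESPACE tablespace_new;

-- 3. MOVE changes rowids, so any index on the table is now UNUSABLE.
--    List the indexes and where they live.
SELECT owner, index_name, status, tablespace_name
FROM   dba_indexes
WHERE  table_owner = 'EMPLOYEE'
AND    table_name  = 'EMPLOYEE_INFORMATION';

-- Rebuild each index into the encrypted tablespace as well: index blocks
-- hold copies of the indexed column values.
ALTER INDEX employee.employee_information_ix REBUILD TABLESPACE tablespace_new;

-- 4. Report every segment of the schema that still sits in an
--    unencrypted tablespace. An empty result means nothing was missed.
SELECT s.segment_name, s.segment_type, s.tablespace_name
FROM   dba_segments s
JOIN   dba_tablespaces t ON t.tablespace_name = s.tablespace_name
WHERE  s.owner = 'EMPLOYEE'
AND    t.encrypted = 'NO';
```

The move frees the old blocks in the source tablespace but does not wipe them, so cleartext rows can remain in the old data file, and in backups of it, until the space is overwritten or the tablespace is dropped.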