Hi Mallik. Excellent video. I have one question. How do I confirm that the data is encrypted ? I have autologin wallet in OPEN state and created a sample table with an encrypted column but when I query the table, I can still see the original data instead of some encrypted text.
Thanks Mallik for this nice presentation it helped me in one of the db data encryption ** One thing I am not able to connect is why these .dbf file require and do we need to create it manually every time. ** second thing how we can check the Column level encryption has encrypted the data I mean can we see the encrypted data while triggering the select query on particular column. is there any way where i can see the table data with column value is encrypted.
Thanks for sharing all questions and answers mallik sir 1. If i loose the existing wallet password, how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password. >>> If we loose wallet password there is no way we can retrive the password >>> Best way to manage wallet to having wallet backups >>> Refer MOS note: 1342875.1 2. If we loose the wallet itself, should we leave the tableapaces unused, there is any otherway to make use of those encrypted tablespaces? >>> We have to restore wallet from its backup >>> If you loose your wallet, You can not access encrypted tablespace or columns >>> No way you can make use of these encrypted tablespace 3. There are tablespaces created earlier. Now tde got enabled, how to move data to encrypted tablespaces, do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted . >>> ALTER TABLESPACE users2 ENCRYPTION OFFLINE USING 'AES256' ENCRYPT; OR >>> You can crete new TS with encryption and move object from old TS to new encrypted TS 4. If primary database got wallet now and tablespaces got encrypted there after, how to make the standby use those tde encryption feature while standby even did not have encryption few while ago . >>> Whenevr you enable encryption on existing TS or create new TS with encryption automatically same thing will happen at standby side, You no need to do the same thing at standby side. >>> Only consideration is you need to copy your wallet to standby and edit the wallet location in sqlnet.ora in standby side 5. Refreshing the database needs oracle wallets to be moved, if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles, so again here we have to copy wallets, correct? >>> You need a backup of the wallet from source and the wallet password to allow database duplication with encrypted data at your target side.
Hello Mallik Thank you for this wonderful session. Specially the lab thing you have done along with theory. Just wanted to know where did we set authorized user list who can only get decrypted data and rest will get encrypted data? Did I miss something to understand this concept.
Few questions: 1.if i loose the existing wallet password , how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password . 2. If we loose the wallet itself , should we leave the tableapaces unused , there is any otherway to make use of those encrypted tablespaces ? 3. There are tablespaces created earlier . Now tde got enabled , how to move data to encrypted tablespaces , do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted . 4. If primary database got wallet now and tablespaces got encrypted thereafter , how to make the standby use those tde encryption feature while standby even did not have encryption few while ago . 5. Refreshing the database needs oracle wallets to be moved , if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles , so again here we have to copy wallets , correct ?
1. If i loose the existing wallet password, how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password. >>> If we loose wallet password there is no way we can retrive the password >>> Best way to manage wallet to having wallet backups >>> Refer MOS note: 1342875.1 2. If we loose the wallet itself, should we leave the tableapaces unused, there is any otherway to make use of those encrypted tablespaces? >>> We have to restore wallet from its backup >>> If you loose your wallet, You can not access encrypted tablespace or columns >>> No way you can make use of these encrypted tablespace 3. There are tablespaces created earlier. Now tde got enabled, how to move data to encrypted tablespaces, do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted . >>> ALTER TABLESPACE users2 ENCRYPTION OFFLINE USING 'AES256' ENCRYPT; OR >>> You can crete new TS with encryption and move object from old TS to new encrypted TS 4. If primary database got wallet now and tablespaces got encrypted there after, how to make the standby use those tde encryption feature while standby even did not have encryption few while ago . >>> Whenevr you enable encryption on existing TS or create new TS with encryption automatically same thing will happen at standby side, You no need to do the same thing at standby side. >>> Only consideration is you need to copy your wallet to standby and edit the wallet location in sqlnet.ora in standby side 5. Refreshing the database needs oracle wallets to be moved, if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles, so again here we have to copy wallets, correct? >>> You need a backup of the wallet from source and the wallet password to allow database duplication with encrypted data at your target side
Hey Bharath, Database vault is different concept as comparison with wallet and TDE. Let me take one basic understanding on database vault and then I will do comparison. Once these concept are understand clearly its good to go with migration and securing database with key vault. These are advanced security concepts. Definitely I will take few sessions on these concepts.
Yes you can do that. 1. If i loose the existing wallet password, how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password. >>> If we loose wallet password there is no way we can retrive the password >>> Best way to manage wallet to having wallet backups >>> Refer MOS note: 1342875.1 2. If we loose the wallet itself, should we leave the tableapaces unused, there is any otherway to make use of those encrypted tablespaces? >>> We have to restore wallet from its backup >>> If you loose your wallet, You can not access encrypted tablespace or columns >>> No way you can make use of these encrypted tablespace 3. There are tablespaces created earlier. Now tde got enabled, how to move data to encrypted tablespaces, do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted . >>> ALTER TABLESPACE users2 ENCRYPTION OFFLINE USING 'AES256' ENCRYPT; OR >>> You can crete new TS with encryption and move object from old TS to new encrypted TS 4. If primary database got wallet now and tablespaces got encrypted there after, how to make the standby use those tde encryption feature while standby even did not have encryption few while ago . >>> Whenevr you enable encryption on existing TS or create new TS with encryption automatically same thing will happen at standby side, You no need to do the same thing at standby side. >>> Only consideration is you need to copy your wallet to standby and edit the wallet location in sqlnet.ora in standby side 5. Refreshing the database needs oracle wallets to be moved, if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles, so again here we have to copy wallets, correct? >>> You need a backup of the wallet from source and the wallet password to allow database duplication with encrypted data at your target side
Very nice and clear explanation.
strings command was Simply awesome .
Excellent Mallik, Thanks for the good knowledge sharing Session to clear the TDE basic concepts.
It's my pleasure
The video is gold and well done explanation sir.
Hi Mallik. Excellent video. I have one question. How do I confirm that the data is encrypted ? I have autologin wallet in OPEN state and created a sample table with an encrypted column but when I query the table, I can still see the original data instead of some encrypted text.
Excellent mallik, very good info
Thank you
Nice video sir, keep rocking 😊🙌
Thanks a ton. Keep watching my videos and more to come in coming days and keep enjoying my videos
Thanks Mallik for this nice presentation it helped me in one of the db data encryption
** One thing I am not able to connect is why these .dbf file require and do we need to create it manually every time.
** second thing how we can check the Column level encryption has encrypted the data I mean can we see the encrypted data while triggering the select query on particular column. is there any way where i can see the table data with column value is encrypted.
Thanks for sharing all questions and answers mallik sir
1. If i loose the existing wallet password, how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password.
>>> If we loose wallet password there is no way we can retrive the password
>>> Best way to manage wallet to having wallet backups
>>> Refer MOS note: 1342875.1
2. If we loose the wallet itself, should we leave the tableapaces unused, there is any otherway to make use of those encrypted tablespaces?
>>> We have to restore wallet from its backup
>>> If you loose your wallet, You can not access encrypted tablespace or columns
>>> No way you can make use of these encrypted tablespace
3. There are tablespaces created earlier. Now tde got enabled, how to move data to encrypted tablespaces, do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted .
>>> ALTER TABLESPACE users2 ENCRYPTION OFFLINE USING 'AES256' ENCRYPT;
OR
>>> You can crete new TS with encryption and move object from old TS to new encrypted TS
4. If primary database got wallet now and tablespaces got encrypted there after, how to make the standby use those tde encryption feature while standby even did not have encryption few while ago .
>>> Whenevr you enable encryption on existing TS or create new TS with encryption automatically same thing will happen at standby side, You no need to do the same thing at standby side.
>>> Only consideration is you need to copy your wallet to standby and edit the wallet location in sqlnet.ora in standby side
5. Refreshing the database needs oracle wallets to be moved, if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles, so again here we have to copy wallets, correct?
>>> You need a backup of the wallet from source and the wallet password to allow database duplication with encrypted data at your target side.
Hello Mallik Thank you for this wonderful session. Specially the lab thing you have done along with theory. Just wanted to know where did we set authorized user list who can only get decrypted data and rest will get encrypted data? Did I miss something to understand this concept.
You have to grant the decryption role/permission to user then only they ar3 able to see the data otherwise for all it will be encrypted.
@@VismoTechnologies at which stage and how we grant the permission for specific user to get decrypt data?
@@VismoTechnologies Sorry, but there is no "decryption role" in Oracle.
Few questions: 1.if i loose the existing wallet password , how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password .
2. If we loose the wallet itself , should we leave the tableapaces unused , there is any otherway to make use of those encrypted tablespaces ?
3. There are tablespaces created earlier . Now tde got enabled , how to move data to encrypted tablespaces , do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted .
4. If primary database got wallet now and tablespaces got encrypted thereafter , how to make the standby use those tde encryption feature while standby even did not have encryption few while ago .
5. Refreshing the database needs oracle wallets to be moved , if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles , so again here we have to copy wallets , correct ?
1. If i loose the existing wallet password, how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password.
>>> If we loose wallet password there is no way we can retrive the password
>>> Best way to manage wallet to having wallet backups
>>> Refer MOS note: 1342875.1
2. If we loose the wallet itself, should we leave the tableapaces unused, there is any otherway to make use of those encrypted tablespaces?
>>> We have to restore wallet from its backup
>>> If you loose your wallet, You can not access encrypted tablespace or columns
>>> No way you can make use of these encrypted tablespace
3. There are tablespaces created earlier. Now tde got enabled, how to move data to encrypted tablespaces, do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted .
>>> ALTER TABLESPACE users2 ENCRYPTION OFFLINE USING 'AES256' ENCRYPT;
OR
>>> You can crete new TS with encryption and move object from old TS to new encrypted TS
4. If primary database got wallet now and tablespaces got encrypted there after, how to make the standby use those tde encryption feature while standby even did not have encryption few while ago .
>>> Whenevr you enable encryption on existing TS or create new TS with encryption automatically same thing will happen at standby side, You no need to do the same thing at standby side.
>>> Only consideration is you need to copy your wallet to standby and edit the wallet location in sqlnet.ora in standby side
5. Refreshing the database needs oracle wallets to be moved, if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles, so again here we have to copy wallets, correct?
>>> You need a backup of the wallet from source and the wallet password to allow database duplication with encrypted data at your target side
Wallet or wallet password lost => database lost; there is no backdoor in TDE
Hi sir,
What are the types of secure backups of the database?
Tape backups
Crystal clear expansion and please explain oracle key vault also. How to migrate TDE to OKV
Hey Bharath, Database vault is different concept as comparison with wallet and TDE.
Let me take one basic understanding on database vault and then I will do comparison.
Once these concept are understand clearly its good to go with migration and securing database with key vault.
These are advanced security concepts. Definitely I will take few sessions on these concepts.
nice! where can i get this powerpoint?
Can we convert already existing tablespaces as encrypted?
Yes you, can create/configure wallet->create encrypted tablespace-> move data from unencrypted to encrypted tablespace
Excellent Malik, Thanks for clear explanation
Yes you can do that.
1. If i loose the existing wallet password, how to recover it without knowing password . We can change the password to new password if old password is with us , but we loose the wallet password.
>>> If we loose wallet password there is no way we can retrive the password
>>> Best way to manage wallet to having wallet backups
>>> Refer MOS note: 1342875.1
2. If we loose the wallet itself, should we leave the tableapaces unused, there is any otherway to make use of those encrypted tablespaces?
>>> We have to restore wallet from its backup
>>> If you loose your wallet, You can not access encrypted tablespace or columns
>>> No way you can make use of these encrypted tablespace
3. There are tablespaces created earlier. Now tde got enabled, how to move data to encrypted tablespaces, do we have to use move table command or is there any alter tableapace command to make unencrypted to encrypted .
>>> ALTER TABLESPACE users2 ENCRYPTION OFFLINE USING 'AES256' ENCRYPT;
OR
>>> You can crete new TS with encryption and move object from old TS to new encrypted TS
4. If primary database got wallet now and tablespaces got encrypted there after, how to make the standby use those tde encryption feature while standby even did not have encryption few while ago .
>>> Whenevr you enable encryption on existing TS or create new TS with encryption automatically same thing will happen at standby side, You no need to do the same thing at standby side.
>>> Only consideration is you need to copy your wallet to standby and edit the wallet location in sqlnet.ora in standby side
5. Refreshing the database needs oracle wallets to be moved, if already the databases were refreshed earlier using rman feature using from active database rman feature which do not use encrypted backups of datafiles, so again here we have to copy wallets, correct?
>>> You need a backup of the wallet from source and the wallet password to allow database duplication with encrypted data at your target side