You can encrypt a data file of an existing tablespace when the tablespace is offline.
-
Log in to the DB instance as a system user.
SQL
SQL> connect system/<password>;
-
Open HSM Keystore.
SQL
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <hsm_password>;
-
Create a tablespace.
SQL
SQL> create tablespace NONSECURE01_TS DATAFILE 'C:/Oraclenew/oradata/ORCLNEW/NONSECURETS_01.DBF' SIZE 10M;
-
Create an EMP table inside the NONSECURE01_TS tablespace.
SQL
SQL> create table EMP (EMPID NUMBER(4),NAME VARCHAR(100),SALARY NUMBER(6)) tablespace NONSECURE01_TS;
-
Insert data into the EMP table.
SQL
SQL> insert into EMP values (0001, 'Michael Jackson', 999999);
SQL> insert into EMP values (0002, 'Lady Gaga', 888888);
SQL> insert into EMP values (0003, 'Freddie Mercury', 777777);
SQL> insert into EMP values (0004, 'Steven Tyler', 666666);
SQL> commit;
-
View data from the EMP table.
SQL
SQL> select * from EMP;
-
Bring the NONSECURE01_TS tablespace offline.
SQL
SQL> alter tablespace NONSECURE01_TS OFFLINE NORMAL;
-
Encrypt the NONSECURE01_TS tablespace.
SQL
SQL> alter tablespace NONSECURE01_TS ENCRYPTION OFFLINE ENCRYPT;
Alternatively, use the ALTER DATABASE DATAFILE SQL statement to encrypt individual data files within a tablespace.
SQL
SQL> alter database DATAFILE ' NONSECURETS01_TS.DBF' ENCRYPT;
-
Bring the tablespace online.
SQL
SQL> alter tablespace NONSECURE01_TS ONLINE;
-
Close the keystore.
SQL
SQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY <hsm_password>;
-
Now, try to view the contents of the EMP table; nothing is displayed as the wallet is closed.
SQL
SQL> select * from EMP;