To encrypt obfuscated database link passwords and use the TDE framework to manage the encryption key.
The TDE keystore must exist. The DDL first checks that the TDE:
Keystore is open.
Master Encryption Key exists in the TDE keystore.
If any of the checks fail, the DDL fails. When this happens you must create a TDE keystore and provision a TDE Master Key. For more on this refer to the Database Security Guide.
The instance initialization parameter COMPATIBLE must be set to 220.127.116.11.
You must have SYSKM privileges to execute the command.
This DDL encrypts existing and future obfuscated sensitive information in data dictionaries, for example database link passwords stored in
It performs the following actions:
Inserts a new entry in
It creates and initializes the SGA variable.
De-obfuscates obfuscated passwords in
Encrypts the de-obfuscated passwords using the generated encryption key in
Sets the flag to indicate a valid/usable dblink entry in
This DDL is used to change the data encryption key. It is applied to SYS.LINK$ and any other tables covered under the data dictionary encryption framework.
This DDL marks encrypted passwords unusable. That means that current password entries in SYS.LINK$ are marked unusable. It deletes the key in ENC$ that was used to encrypt the credentials, and clears the SGA variable to prevent future encryption.
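The prerequisite checks and the three operations described above, written out as a SQL*Plus pre-flight script. This is an added example, not Oracle's own script: the statement names and views (V$ENCRYPTION_WALLET, V$ENCRYPTION_KEYS, DICTIONARY_CREDENTIALS_ENCRYPT, DBA_DB_LINKS) come from the Oracle SQL and database references rather than from this page, and it assumes the queries run from an account that can read those views while the DDL runs in a SYSKM session.

```sql
-- Added example. Queries need read access to the views below (assumption);
-- the ALTER DATABASE DICTIONARY statements need the SYSKM privilege.

-- 1. Keystore must be open. Expect STATUS = 'OPEN'.
--    'OPEN_NO_MASTER_KEY' means the keystore is open but no master key
--    has been provisioned, so the DDL would still fail its second check.
SELECT wrl_type, status, wallet_type
FROM   v$encryption_wallet;

-- 2. A TDE master encryption key must exist. Expect at least one row.
SELECT key_id, creation_time
FROM   v$encryption_keys
ORDER  BY creation_time;

-- 3. COMPATIBLE must meet the minimum stated above.
SELECT value AS compatible
FROM   v$parameter
WHERE  name = 'compatible';

-- 4. Record the state before the change ('DISABLED' = obfuscation only).
SELECT enforcement
FROM   dictionary_credentials_encrypt;

-- 5. Encrypt existing and future obfuscated credentials.
ALTER DATABASE DICTIONARY ENCRYPT CREDENTIALS;

-- 6. Verify: enforcement should now read 'ENABLED', and every database
--    link should still be flagged as valid/usable.
SELECT enforcement
FROM   dictionary_credentials_encrypt;

SELECT owner, db_link, valid
FROM   dba_db_links
ORDER  BY owner, db_link;

-- Key rotation, run on your rotation schedule (left commented out here):
-- ALTER DATABASE DICTIONARY REKEY CREDENTIALS;

-- Key deletion marks the stored link passwords unusable, so every link
-- password must be reset afterwards (left commented out here):
-- ALTER DATABASE DICTIONARY DELETE CREDENTIALS KEY;
-- SELECT owner, db_link FROM dba_db_links WHERE valid = 'NO';
```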