Oracle Real Application Clusters (Oracle RAC) supports a shared wallet for Transparent Data Encryption (TDE). You can store the shared wallet on shared storage, either Oracle ASM or Oracle ACFS. A deployment with a single wallet on a shared disk requires no additional configuration to use Transparent Data Encryption. The wallet must reside in the directory specified by the WALLET_ROOT initialization parameter, which supersedes the settings in sqlnet.ora.

This diagram describes the steps to configure a shared wallet for an Oracle RAC database:

  1. Change the WALLET_ROOT initialization parameter
    Set the WALLET_ROOT initialization parameter value to the directory where the wallet is stored on the shared storage. The recommended default method is to store the shared wallet on an Oracle ASM disk group and set the WALLET_ROOT initialization parameter to +DATA/db_unique_name.
  2. (Rolling) Restart all Oracle RAC databases
    Perform a normal or a rolling restart of the database instances to activate the new initialization parameters. Stop and restart each instance individually to avoid a complete outage of your database.
  3. Change the TDE_CONFIGURATION initialization parameter
    Change the initialization parameter TDE_CONFIGURATION to specify a software keystore. You can also change the TDE_CONFIGURATION initialization parameter using the init.ora file on all RAC nodes by adding TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE".
  4. Create a keystore and set an encryption key
    Create a keystore with a password and set the encryption key. You can choose either set of the commands described in the graphic, depending on your database deployment.
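
The four steps above as a SQL*Plus script, added here as an illustration; it is not the command set from the graphic. It assumes a multitenant (CDB) database, an spfile shared by all instances, and a session connected AS SYSDBA or AS SYSKM; db_unique_name, the instance name and the keystore password are placeholders.

```sql
-- Added example (not Oracle's own script). Placeholders: db_unique_name,
-- <instance_name>, <keystore_password>.

-- Step 1: point every instance at the shared location.
-- WALLET_ROOT is a static parameter, so it can only be written to the spfile.
ALTER SYSTEM SET WALLET_ROOT = '+DATA/db_unique_name' SCOPE = SPFILE SID = '*';

-- Step 2: rolling restart, one instance at a time, from the OS shell:
--   srvctl stop instance  -db db_unique_name -instance <instance_name>
--   srvctl start instance -db db_unique_name -instance <instance_name>
-- Afterwards confirm that every instance picked up the same value.
SELECT inst_id, value
  FROM gv$parameter
 WHERE name = 'wallet_root'
 ORDER BY inst_id;

-- Step 3: select a software (file) keystore on all instances.
ALTER SYSTEM SET TDE_CONFIGURATION = "KEYSTORE_CONFIGURATION=FILE"
  SCOPE = BOTH SID = '*';

-- Step 4: create the password-protected keystore, open it, set the key.
-- No location is given: with WALLET_ROOT set, the keystore is created in
-- the tde subdirectory under it.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE
  IDENTIFIED BY "<keystore_password>";

-- Assumption: multitenant deployment. In a non-CDB, omit CONTAINER = ALL.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "<keystore_password>" CONTAINER = ALL;

ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "<keystore_password>" WITH BACKUP CONTAINER = ALL;

-- Check: every instance should report the same shared path in
-- WRL_PARAMETER and a STATUS of OPEN for each container.
SELECT inst_id, con_id, wrl_type, wrl_parameter, status, wallet_type
  FROM gv$encryption_wallet
 ORDER BY inst_id, con_id;
```

If any instance shows a different WRL_PARAMETER or a status other than OPEN, that instance is not reading the shared wallet and should be corrected before any tablespace is encrypted.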

The local copies of the wallet need not be synchronized for the duration of Transparent Data Encryption usage until the server key is re-keyed through the ADMINISTER KEY MANAGEMENT statement.