Database Overall → Pluggable Databases
Each pluggable database (PDB) can now have its own keystore, instead of there being only one keystore for the entire container database (CDB). Each PDB keystore can have its own password in addition to its own master encryption key. The advantage of this feature is that each tenant (PDB) in a multitenant environment can perform key management operations independently rather than having to share a keystore at the CDB root level. This feature benefits both multitenant and non-multitenant environments because it provides parameters for configuring the keystore location and the keystore type, eliminating the need to edit the sqlnet.ora file. The existing behavior, in which PDBs share a single keystore with the CDB, is still supported. A mixed configuration is also allowed, in which some PDBs share the keystore with the CDB and other PDBs have their own keystores.
Business Benefit: Isolation of keystores among tenants is a desirable property in a multitenant environment. This feature offers greater isolation between PDBs for the following reasons: (1) Each PDB has its own keystore, not shared with the container or with other PDBs attached to the same CDB. (2) Each PDB has its own password, not shared with the container or with other PDBs attached to the same CDB. (3) Each tenant (PDB) in a multitenant environment can perform key management operations independently rather than having to share a keystore at the CDB root level.
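A sketch of the mixed configuration described above, added here as an illustration and not taken from Oracle's own text. The page does not name the parameters; WALLET_ROOT and TDE_CONFIGURATION are the initialization parameters that replace the sqlnet.ora entry. The PDB name pdb1, the directory path and both passwords are placeholders.

```sql
-- Added example: one PDB with an isolated keystore, the rest left in united mode.
-- Assumptions: PDB name pdb1, wallet path and passwords are placeholders.

-- 1. In the CDB root: set the keystore location and type with parameters
--    (no sqlnet.ora edit). WALLET_ROOT is static, so restart the instance
--    and reopen the PDBs before continuing.
ALTER SESSION SET CONTAINER = CDB$ROOT;
ALTER SYSTEM SET WALLET_ROOT = '/u01/app/oracle/admin/CDB1/wallet' SCOPE = SPFILE;
-- (restart here)
ALTER SYSTEM SET TDE_CONFIGURATION = "KEYSTORE_CONFIGURATION=FILE" SCOPE = BOTH;

-- 2. In the tenant PDB: setting TDE_CONFIGURATION inside the PDB switches it
--    to isolated mode. PDBs that never set it keep using the root keystore.
ALTER SESSION SET CONTAINER = pdb1;
ALTER SYSTEM SET TDE_CONFIGURATION = "KEYSTORE_CONFIGURATION=FILE" SCOPE = BOTH;

-- 3. Still in pdb1: create and open the PDB's own keystore with its own
--    password, then set its own master encryption key. The keystore file is
--    created under <WALLET_ROOT>/<PDB GUID>/tde.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE
  IDENTIFIED BY "pdb1_keystore_password_placeholder";
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "pdb1_keystore_password_placeholder";
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "pdb1_keystore_password_placeholder" WITH BACKUP;

-- 4. Back in the root: check which containers are isolated and which are
--    united. pdb1 should report KEYSTORE_MODE = ISOLATED with STATUS = OPEN;
--    an unexpected UNITED here means the tenant still depends on the root
--    keystore and its password.
ALTER SESSION SET CONTAINER = CDB$ROOT;
SELECT con_id, wrl_type, wrl_parameter, status, wallet_type, keystore_mode
FROM   v$encryption_wallet
ORDER  BY con_id;
```

The query in step 4 is also a useful periodic audit: a tenant that was meant to be isolated but reports UNITED shares key material and keystore credentials with the CDB root.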
Notes:
EE:
  Oracle Database 18c: Not available on EE.
  Oracle Database 19c: This feature is available on EE starting with Oracle Database release 19c, version 19.14, and requires the Oracle Advanced Security option.
  Oracle Database 21c: Available on EE. Requires the Oracle Advanced Security option.
ODA and Exa: Requires the Oracle Advanced Security option.
CLOUD: Only available in OCI.