Skip to Main Content

Feature Details

Buttons

Feature Details Container

Ability to Create a Keystore for Each Pluggable Database

Database Overall → Pluggable Databases

Each pluggable database (PDB) now can have its own keystore, instead of there being only one keystore for the entire container database (CDB). Each PDB keystore can have its own password in addition to having its own master encryption key. The advantage of this feature is that it enables independent key management operations to be performed by each tenant (PDB) in a multitenant environment rather than having to share a keystore at the CDB root level. This feature benefits both multitenant and non-multitenant environments because it provides parameters to facilitate the configuration of the keystore location and the keystore type, eliminating the need for editing the sqlnet.ora file. This feature continues to support existing behavior where PDBs share a single keystore with the container database (CDB). This feature further allows some PDBs to share the keystore with the container database (CDB) and some PDBs to have their own keystores.

Business Benefit: Isolation of keystores amongst tenants is a desired aspect in multitenant environment. This feature offers greater isolation between PDBs because of following reasons: (1) Each PDB has its own keystore not shared with the container or with other PDBs attached to the same CDB. (2) Each PDB has its own password not shared with the container or with other PDBs attached to the same CDB. (3) Enables independent key management operations to be performed by each tenant (PDB) in a multitenant environment rather than having to share a keystore at the CDB root level.

Release Availability
11.2
12.1
12.2
18c
19c
21c
23ai
Parent Feature
Keystore for Each Pluggable Database
Available On
  • Enterprise Edition
  • Oracle Database Appliance
  • Exadata
  • Exadata Cloud Service / Cloud@Customer
  • Database Cloud Service Enterprise Edition
  • Database Cloud Service Enterprise Edition - High Performance
  • Database Cloud Service Enterprise Edition - Extreme Performance

Notes:

EE:

  • Oracle Database 18c: Not available on EE
  • Oracle Database 19c: This feature is available on EE starting with Oracle Database release 19c, version 19.14, and requires the Oracle Advanced Security option.
  • Oracle Database 21c: Available on EE. Requires the Oracle Advanced Security option.

ODA and Exa: Requires the Oracle Advanced Security option

CLOUD: Only available in OCI

Initial Release
18c