Ability to Create a Keystore for Each Pluggable Database

Database Overall → Pluggable Databases

Each pluggable database (PDB) now can have its own keystore, instead of there being only one keystore for the entire container database (CDB). Each PDB keystore can have its own password in addition to having its own master encryption key. The advantage of this feature is that it enables independent key management operations to be performed by each tenant (PDB) in a multitenant environment rather than having to share a keystore at the CDB root level. This feature benefits both multitenant and non-multitenant environments because it provides parameters to facilitate the configuration of the keystore location and the keystore type, eliminating the need for editing the sqlnet.ora file. This feature continues to support existing behavior where PDBs share a single keystore with the container database (CDB). This feature further allows some PDBs to share the keystore with the container database (CDB) and some PDBs to have their own keystores.

Business Benefit: Isolation of keystores amongst tenants is a desired aspect in multitenant environment. This feature offers greater isolation between PDBs because of following reasons: (1) Each PDB has its own keystore not shared with the container or with other PDBs attached to the same CDB. (2) Each PDB has its own password not shared with the container or with other PDBs attached to the same CDB. (3) Enables independent key management operations to be performed by each tenant (PDB) in a multitenant environment rather than having to share a keystore at the CDB root level.