From 5057025c0cb5814407a306bb455d3e025a561b96 Mon Sep 17 00:00:00 2001
From: Stefan Oehrli
Date: Wed, 30 Aug 2023 15:44:10 +0200
Subject: [PATCH] add script idenc_tde_pdbuni.sql to automatically deploy TDE in PDB in unified mode
---
sql/idenc_tde_pdbuni.sql | 46 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 sql/idenc_tde_pdbuni.sql
diff --git a/sql/idenc_tde_pdbuni.sql b/sql/idenc_tde_pdbuni.sql
new file mode 100644
index 0000000..1e77feb
--- /dev/null
+++ b/sql/idenc_tde_pdbuni.sql
@@ -0,0 +1,46 @@
+--------------------------------------------------------------------------------
+-- OraDBA - Oracle Database Infrastructur and Security, 5630 Muri, Switzerland
+--------------------------------------------------------------------------------
+-- Name......: idenc_tde_pdbuni.sql
+-- Author....: Stefan Oehrli (oes) stefan.oehrli@oradba.ch
+-- Editor....: Stefan Oehrli
+-- Date......: 2023.08.29
+-- Revision..:
+-- Purpose...: Initialize TDE in a PDB in united mode i.e., with a common wallet
+-- of the CDB in WALLET_ROOT. The CDB must be configured for
+-- TDE beforehand. This scripts does use several other scripts to
+-- enable TDE and it also includes restart of the pdb.
+--
+-- The following steps are performed:
+-- - csenc_master.sql create master encryption key
+-- - restart pdb
+-- - ssenc_info.sql show current TDE configuration
+-- Notes.....:
+-- Reference.: Requires SYS, SYSDBA or SYSKM privilege
+-- License...: Apache License Version 2.0, January 2004 as shown
+-- at http://www.apache.org/licenses/
+--------------------------------------------------------------------------------
+-- format SQLPlus output and behavior
+SET LINESIZE 160 PAGESIZE 200
+SET HEADING ON
+SET FEEDBACK ON
+
+-- start to spool
+SPOOL idenc_tde_pdbuni.log
+
+-- uncomment the following line if you have issues with pre-created master
+-- encryption keys. e.g., because TDE wallets have been recreated
+--@idenc_lostkey.sql
+
+-- configure master encryption key
+@csenc_master.sql
+
+PROMPT == Restart database to load software keystore with new master key =======
+ALTER PLUGGABLE DATABASE CLOSE;
+ALTER PLUGGABLE DATABASE OPEN;
+
+-- display information
+@ssenc_info.sql
+
+SPOOL OFF
+-- EOF -------------------------------------------------------------------------
\ No newline at end of file
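Review bot: Nothing stops the script when `@csenc_master.sql` fails, so `ALTER PLUGGABLE DATABASE CLOSE;` and `ALTER PLUGGABLE DATABASE OPEN;` still run and the PDB is restarted even though no master key was set. Adding `WHENEVER SQLERROR EXIT SQL.SQLCODE` before the `@csenc_master.sql` call would abort ahead of the restart, provided the called script does not reset that setting (its contents are not visible here). The two `ALTER PLUGGABLE DATABASE` statements name no PDB and so act on the session's current container, yet the script never confirms that this is the intended PDB rather than CDB$ROOT; a check of `SYS_CONTEXT('USERENV','CON_NAME')` before the CLOSE would make the target explicit. `SPOOL idenc_tde_pdbuni.log` writes into the current working directory, so it is worth confirming that neither csenc_master.sql nor ssenc_info.sql puts keystore-related output into a log that other OS users can read.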