Setting up the Oracle environment and the Futurex PKCS #11 Library
If you plan to run Oracle Database in a Docker container, skip this section. A later section covers the steps to set up the Oracle environment and configure the PKCS #11 library for container implementation.
The oraenv tool sets up the Oracle database environment for the current session and allows the use of the sqlplus command. To set the Oracle environment, run the commands shown in the following example.
When prompted, specify the system ID (SID) for the instance (orcl in this example) or use the default value indicated between the brackets in line 4 in the following sample. All instances on the system require a unique SID.
Upon success, the command returns the following message:
The ENCRYPTION_WALLET_LOCATION parameter specifies the location of the Oracle wallet. You must modify this parameter to specify the use of an HSM in place of the software wallet. Use the following steps to set the ENCRYPTION_WALLET_LOCATION parameter.
Go to the $ORACLE_HOME/network/admin directory.
Open the sqlnet.ora file in a text editor. If the ENCRYPTION_WALLET_LOCATION parameter is already present, change the METHOD value to HSM. If the ENCRYPTION_WALLET_LOCATION parameter is not present, add the parameter as follows:
If a DIRECTORY value is present in the ENCRYPTION_WALLET_LOCATION parameter, do not delete it. Although the does not require a DIRECTORY value, the value specifies the locatation of the old software wallet when migrating to HSM-based TDE. Also, the DIRECTORY value might be required by tools such as the Recovery Manager (RMAN) to locate the software wallet.
Save and close the file.
Copy the PKCS #11 library file (libfxpkcs11.so) to the path /opt/oracle/extapi/[32,64]/hsm/futurex/X.X/ where X.X is the library version.
Copy the PKCS11Manager and fxpkcs11.cfg files into the /etc directory.