Configuring Auto-Login for the KeyControl Keystore

When you configure auto-login, replace the following values according to your setup:

Script Value	Actual Value
/opt/oracle/entrust/orcl.conf	Replace with the actual path of your configuration file.
ASMDIR	Replace with your ASM storage directory name.
Database Name	Replace with the name of your database.
software_keystore_password	Replace with the password that you want to use.
back_identifier	Replace with a tag of your choice.

Procedure

Close the hardware keystore if it is opened using the following command:

Copy

connect / as sysdba;
ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY "file:/opt/oracle/entrust/orcl.conf" 
CONTAINER = ALL;

Set parameters for software keystore using the following commands:

Copy

startup;
ALTER SYSTEM SET WALLET_ROOT="/opt/oracle/admin/orcl/wallet" scope=spfile;
shutdown immediate;
startup;
ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=FILE" SCOPE=both;
shutdown immediate;
startup;

Create and open the software keystore.

Copy

ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY <software_keystore_password>;
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <software_keystore_password>;

Add the config file as secret for a client HSM_PASSWORD.

Copy

ADMINISTER KEY MANAGEMENT ADD SECRET 'file:/opt/oracle/entrust/orcl.conf' FOR CLIENT 'HSM_PASSWORD' IDENTIFIED BY <software_keystore_password> WITH BACKUP USING <backup_identifier>;

Create Auto-login keystore.

Copy

ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE IDENTIFIED BY <software_keystore_password>;

Set parameters for software to hardware keystore configuration.

Copy

ALTER SYSTEM SET TDE_CONFIGURATION="KEYSTORE_CONFIGURATION=HSM|FILE" SCOPE=both;
shutdown immediate;
startup;
SELECT * FROM V$ENCRYPTION_WALLET;

After this configuration, when the database starts, the hardware keystore is opened automatically.