Our enterprise is starting to move towards using TDE to encrypt tablespaces as we upgrade existing application databases to 18c. I have been asked to find out if it is possible to use a centralized keystore for all the (test/dev/prod) dbs in the enterprise. We are on RHEL.
I realize this is far from the optimal implementation and in fact opens us up to catastrophic results should the single keystore be corrupted, but management wants to know if it is POSSIBLE.
In addition, they have decided we will NOT keep the keystore on ASM.
I have reviewed the "Best Practices" document and the security portion of the 18c documentation. Any other advice/direction is appreciated.
Wylie