Database Administration (MOSC)

MOSC Banner

TDE Master key rotation

I would like to ask the best practice for rotating the master key for at rest encryption of oracle tablespaces.

We have a keystore wallet stored in oracle ASM. We have encrypted a number of tablesapces. When a new key is generated, is it necessary to run the command to tell oracle to use the new key?

administer key management use key 'AWmqc/+MQk/Nv3dSBLsi4CYAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' IDENTIFIED BY <password> WITH BACKUP;

Also, what is the best practice for the old master key, which remains in the wallet? I understand that there is not a way to delete it and, if there was, should we?

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center