We're taking the plunge into TDE with the ASO and cutover will be coming up soon. I'm going through my backup and recovery testing and in doing so started to think of all the "gotchas" that might come up, because once you've turned that key and encrypted your database, there's no looking back. One of the thoughts that popped into my mind was whether the following is a true statement: once a wallet is created, the password/key/etc. DOES NOT EXPIRE. We're using the wallet for our RAC db for TDE encryption, and a second, separate wallet at the grid/clusterware level to overcome the TNS Poisoning bug revealed last April. We are not using any kind of hardware key management.
I would hate to get these all installed and one day find out my data had closed or instances couldn't register because something had expired. Everything I've read indicates this doesn't occur, but before go-live, I thought I'd ask the community to make sure I was interpreting and understanding things correctly, and that I hadn't missed a detail. I understand I can reset the keys if I want to, though this is discouraged for reasons in the documentation. The passphrase used to create the wallets is kept in a safe place as well.