My Oracle Support Banner

Oracle Database Tablespace Encryption Behavior in Oracle Cloud (Doc ID 2359020.1)

Last updated on MAY 16, 2024

Applies to:

Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine)
Gen 2 Exadata Cloud at Customer
Oracle Cloud Infrastructure - Exadata Cloud Service
Oracle Cloud Infrastructure - Database Service
Linux x86-64 on Oracle Public Cloud


The purpose of this document is to describe the behavior of Transparent Data Encryption in an Oracle Cloud environment.

Oracle Database Cloud Services, including Exadata Cloud Service and Cloud@Customer, require TDE Encryption be enabled for all tablespaces by policy.


This document describes how Oracle Database Tablespace Encryption works for the following use cases:

Applies to Oracle Database Cloud Services including Base Database Service, Exadata Database on Dedicated Infrastructure and Exadata Database on Cloud@Customer. For Autonomous Database Cloud services, all database data is always encrypted.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 Important Encryption Notes
 Database Releases: Encryption in the Cloud
 Details: Database Releases and
 Details: Database release through 19.15 and 21c
 Details: Database release 19.16+ and 23ai and later:
 Hybrid DR Deployment Considerations
 Unencrypted On-Premises and Unencrypted Cloud
 Primary: Unencrypted On-Premises | Standby: Encrypted Cloud
 Primary: Encrypted Cloud | Standby: Unencrypted On-Premises
 Table: On-Premises Unencrypted Primary | Cloud Encrypted Standby
 Table: Cloud Encrypted Primary | On-Premises Unencrypted Standby
 Configuration: Database Parameters
 Summary of Database Parameters and Versions
 Default Encryption Algorithm
 _tablespace_encryption_default_algorithm or tablespace_encryption_default_algorithm (21c+)
 Location of the Wallet
 WALLET_ROOT and TDE_CONFIGURATION Initialization Parameters (19c and later)
 ENCRYPTION_WALLET_LOCATION Initialization Parameter (Pre-19c)
 Default Encryption Behavior
 TABLESPACE_ENCRYPTION Initialization Parameter (Oracle Database 19.16 and later releases only)
 ENCRYPT_NEW_TABLESPACES Initialization Parameter (Oracle Database 19.15 and earlier)

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.