My Oracle Support Banner

How To Generate A New Master Encryption Key for the TDE (Doc ID 445147.1)

Last updated on FEBRUARY 01, 2022

Applies to:

Advanced Networking Option - Version to [Release 11.2]
Advanced Networking Option - Version to [Release 10.2 to 11.2]
Information in this document applies to any platform.


In order to encrypt column data, Oracle uses a table encryption key which is unique for each table of the database. All the table encryption keys are encrypted using a master key and stored within the data dictionary. The master key is kept in a container outside of the database which can be either a file ( a PKCS#12 wallet ) or a Hardware Security Module (HSM) . To keep the system secure, one has to regenerate the master key periodically.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.