Implementing Transparent Data Encryption (TDE) Using Standby-First Offline Encryption (Doc ID 2979979.1)

Last updated on JULY 20, 2024

Applies to:

Oracle Database - Enterprise Edition - Version 19.1.0.0.0 and later
Information in this document applies to any platform.

Goal

Implement Transparent Data Encryption (TDE) using a standby-first methodology in Oracle Database 18c and later.

Solution


In this Document
Goal
Solution
 Pre-process Information Gathering
 Use Case 1: If TDE has not been activated for the database
  Step 1.1: Set the default encryption algorithm for the database
  Step 1.2: Configure the Keystore on the Primary Database
  Step 1.3: Configure Standby Access to Keystore
  Execute the Core Steps for Offline Encryption
 Use Case 2: If TDE has been activated for the database, but with 19c default AES128
  Step 2.1: Set the default encryption algorithm for the database
  Step 2.2: REKEY the SYSTEM, SYSAUX and UNDO tablespaces for each PDB
  Step 2.3: Copy the keystores/wallets to the standby (if needed)
  Execute the Core Steps for Offline Encryption
 Core Steps for Offline Encryption Using the Standby Database
  Step Core.1: Generate a Script to Offline Encrypt Datafiles
  Step Core.2: Divide the Script (IF NEEDED)
  Step Core.3: Prepare the Standby Database for OFFLINE Encryption
  Step Core.4: Execute the Scripts
  Step Core.5: Validation
   List Encrypted Tablespaces with Algorithm Used
   List Unencrypted Tablespaces
   DBVerify
  Step Core.6: Restart Recovery
  Step Core.7: Create New Temporary Tablespaces
  Step Core.8: Switchover
  Step Core.9: Encrypt the New Standby
  Step Core.10: Switchover (Optional)