• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
Techgoeasy

Techgoeasy

Learn Oracle, PHP, HTML,CSS,Perl,UNIX shell scripts

  • Home
  • Oracle
    • Oracle database
    • Oracle Ebusiness Suite
    • Oracle weblogic
    • Oracle Performance Tuning
    • Oracle Hyperion
    • Oracle Cloud Tutorials
  • SQL
  • interview questions
  • Linux
  • PHP and HTML
  • Downloads
  • General
Home » Oracle » Oracle Database » How To Export -Import TDE Master Encryption Key

How To Export -Import TDE Master Encryption Key

March 4, 2023 by techgoeasy Leave a Comment

We need to export/import the TDE Master Encryption key when we are migrating TDE encrypted NON-CDB to the CDB database or migrating encrypted PDB to another CDB database.

How To Export TDE Master Encryption Key

When you are migrating PDB from one database to another and the source PDB is encrypted, then you need to export the keys in the source database in order for the PDB to successfully migrate. This can be done using the below command

alter session set container=TESTPDB
ADMINISTER KEY MANAGEMENT EXPORT ENCRYPTION KEYS WITH SECRET "my_secret" TO '<location of export file>'  IDENTIFIED BY "<wallet password>";

This command requires the wallet to be opened in password mode. Else it will fail.

You can also export the keys if the wallet is opened in Autologin mode. It requires a certain patch level. Also, We need to add FORCE KEYSTORE

ADMINISTER KEY MANAGEMENT EXPORT ENCRYPTION KEYS WITH SECRET "my_secret" TO '<location of export file>' FORCE KEYSTORE IDENTIFIED BY "<wallet password>";

How To Import TDE Master Encryption Key

Now you import the exported keys into the target database after the Pluggable database is created

alter session set container=TESTPDB;
ADMINISTER KEY MANAGEMENT IMPORT KEYS WITH SECRET "my_secret" from '<location of export file>'  IDENTIFIED BY "<Wallet password" with backup;

This command requires the wallet to be opened in password mode. Else it will fail.

You can also import the keys if the wallet is opened in Autologin mode. But It requires a certain patch level. We also need to add FORCE KEYSTORE

alter session set container=TESTPDB; 
ADMINISTER KEY MANAGEMENT IMPORT KEYS WITH SECRET "my_secret" from '<location of export file>' FORCE KEYSTORE IDENTIFIED BY "<Wallet password" with backup;

I hope this is clear and helpful

Related Articles

How To Restore TDE Wallet Files From Backup in Oracle Database
how to check if oracle database is encrypted
TDE encryption in Oracle 12c step by step
TDE encryption in oracle 11g step by step

Filed Under: Oracle, Oracle Database

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar



Subscribe to our mailing list

Enter your email address to subscribe to this blog and receive notifications of new posts by email

Recent Posts

  • Password Version in oracle
  • How to login as user without changing the password in Oracle database(alter user identified by values)
  • How to check encrypted tablespace in the Database
  • How To Export -Import TDE Master Encryption Key
  • How to Configure Auto Login TDE Wallet

Copyright © 2023 : TechGoEasy

  • Hire me
  • Privacy Policy
  • Contact Us
  • New? Start Here
  • About Us