Sometimes, we may have done some mistakes and we are facing issues with TDE. If you have a good backup of the wallet then we can go back to the backup file.
There are two files pertaining to the TDE
ewallet.p12 – This is the actual wallet file
cwallet.sso – This is the autologin wallet
To restore the wallet from one of the backup files do the following:
- rename the current wallet file to have it for further reference if needed.
cd <wallet directory>
mv ewallet.p12 ewallet.p12_backup
2. copy the latest backup file (or the one you want to use) and rename the backup file to ewallet.p12 and make sure it is available to the database.
cd <wallet backup directory> cp <wallet backup directory>/ewallet.p12 <wallet directory>/ewallet.p12 cd <wallet directory> ls -ltra
3. to recreate the autologin wallet run the following. This will create a new cwallet.sso file:
orapki wallet create -wallet . -auto_login -pwd <wallet password>
If you do not perform this step, the database will still be seeing the current keys only.
Now you can bounce the database so that it can pick up the new wallet files
sqlplus / as sysdba shutdown immediate startup
The following two queries will help you find if you have reverted back to a good backup
select * from v$encryption_wallet;
SQL> select key_id from v$encryption_keys;
These steps are valid for Database on Premise and cloud both. This has been successfully tested on database version 12.1 and above