Sometimes, we may have done some mistakes and we are facing issues with TDE. If you have a good backup of the wallet then we can go back to the backup file.
There are two files pertaining to the TDE
ewallet.p12 – This is the actual wallet file
cwallet.sso – This is the autologin wallet
To restore the wallet from one of the backup files do the following:
- rename the current wallet file to have it for further reference if needed.
cd <wallet directory>
mv ewallet.p12 ewallet.p12_backup
2. copy the latest backup file (or the one you want to use) and rename the backup file to ewallet.p12 and make sure it is available to the database.
cd <wallet backup directory> cp <wallet backup directory>/ewallet.p12 <wallet directory>/ewallet.p12 cd <wallet directory> ls -ltra
3. to recreate the autologin wallet run the following. This will create a new cwallet.sso file:
orapki wallet create -wallet . -auto_login -pwd <wallet password>
If you do not perform this step, the database will still be seeing the current keys only.
Now you can bounce the database so that it can pick up the new wallet files
sqlplus / as sysdba shutdown immediate startup
The following two queries will help you find if you have reverted back to a good backup
select * from v$encryption_wallet;
SQL> select key_id from v$encryption_keys;
These steps are valid for Database on Premise and cloud both. This has been successfully tested on database version 12.1 and above
I hope you like this content on Restore TDE Wallet Files From Backup. Please do provide the feedback
TDE encryption in oracle 11g step by step: Check out this article for TDE encryption in oracle 11g step by step for both table encryption and tablespace encryption
TDE encryption in Oracle 12c step by step
How to open a wallet in Oracle 12c: Check out How to open a wallet in Oracle 12c, How To Import TDE Master Encryption Key, How To Export TDE Master Encryption Key
How to change TDE Keystore Password: check out How to change TDE Keystore Password, How to validate the TDE wallet password with detailed steps
how to check if oracle database is encrypted: check out how to check if oracle database is encrypted, what tablespaces are encrypted, and what table columns are encrypted
Thank you so much for sharing all this wonderful info through your post / Blogs, It is so appreciated!!!, You always have good humour in your posts/blogs. So much fun and easy to read!
Can you please provide any document to configure TDE within a dataguard environment?