Home » Oracle » Oracle Database » how to open a TDE wallet in Oracle : Status, Open, Close

how to open a TDE wallet in Oracle : Status, Open, Close

How to open a wallet in Oracle 12c

In this post, we will be checking out the most commonly used oracle tde wallet queries.

How to open a TDE wallet in Oracle 12c or 19c

Here is how to open a wallet in Oracle 12c or 19c for both CDB and Non-CDB Databases

With 12c Non-CDB

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <wallet password> ;

With 12c CDB

For all PDB in the Container

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <wallet pass> CONTAINER=ALL ;

for Root and individual PDB

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <wallet pass> ;

How to open a wallet in Oracle 11g

ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "<wallet password>";

How to close a wallet in Oracle 12c

With 12c Non-CDB

ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY <wallet password>;

With 12c CDB

For all PDB in the Container
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <wallet pass> CONTAINER=ALL ;
for Root and individual PDB
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY <wallet pass> ;

how to close wallet in oracle 11g

ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;

how to check wallet status in oracle

SQL>set linesize 200
SQL>col WALLET_DIR for a40
SQL>col status for a15
SQL>select STATUS,WRL_PARAMETER WALLET_DIR,WALLET_TYPE from V$ENCRYPTION_WALLET;

Query result to check if TDE was implemented prior or TDE was never implemented:

In 11g DB:

SELECT BITAND(FLAGS,8) FROM X$KCBDBK;

If this query returns 8, then TDE is/was implemented. (TDE REKEY/SET KEY is done for this database and the MKID of SYSTEM tablespace is the MKEYID of that previous/current wallet file)

See also  Oracle Database 19c new features

If this query returns 0, then TDE is never implemented (TDE REKEY/SET KEY was never done for this database and the MKID of SYSTEM tablespace is the pre-generated ID)

In 12c DB:

select mkloc from x$kcbdbk;

If this query returns 1, then TDE is/was implemented. (TDE REKEY/SET KEY is done for this database and the MKID of SYSTEM tablespace is the MKEYID of that previous/current wallet file)

If this query returns 0, then TDE was never implemented. (TDE REKEY/SET KEY was never done for this database and the MKID of SYSTEM tablespace is the pre-generated ID

Related Articles

How To Restore TDE Wallet Files From Backup in Oracle Database
how to check if oracle database is encrypted
TDE encryption in Oracle 12c step by step
TDE encryption in oracle 11g step by step
https://docs.oracle.com/en/database/oracle/oracle-database/18/asoag/managing-keystore-and-tde-master-encryption-key.html

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top