I was assisting a customer with migrating a PDB from on-premises to OCI. The source database did not have TDE configured.
After plugging the PDB into the OCI CDB, the customer encountered some TDE issues. I created the following test to replicate the steps.
First, I’ll create a new on-premises PDB without TDE enabled:
Let’s unplug the new PDB:
Let’s move the PDB to OCI and plug it:
Let’s open the PDB:
As you can see below, there are some issues we need to fix to be able to open the PDB in non-restricted mode:
To fix most of the issues, let’s run the datapatch:
Now, let’s try to create a new tablespace to check the TDE configuration:
The first command to start fixing the issue:
alter session set container=pdbdev;
administer key management set keystore open force keystore identified by xxxxx;
The second command to fix the issue:
alter session set container=pdbdev;
administer key management set key force keystore identified by xxxxxx with backup;
Now, the TDE configuration is fine for the PDB:
You can encrypt all other tablespaces using this command:
alter tablespace SYSTEM encryption ONLINE encrypt;