I was assisting a customer with migrating a PDB from on-premises to OCI. The source database did not have TDE configured.
After plugging the PDB into the OCI CDB, the customer encountered some TDE issues. I created the following test to replicate the steps.
First, I’ll create a new on-premises PDB without TDE enabled:
Let’s unplug the new PDB:
Let’s move the PDB to OCI and plug it:
Let’s open the PDB:
As you can see below, there are some issues we need to fix to be able to open the PDB in non-restricted mode:
To fix most of the issues, let’s run the datapatch:
Now, let’s try to create a new tablespace to check the TDE configuration:
The first command to start fixing the issue:
alter session set container=pdbdev;
administer key management set keystore open force keystore identified by xxxxx;
The second command to fix the issue:
alter session set container=pdbdev;
administer key management set key force keystore identified by xxxxxx with backup;
Now, the TDE configuration is fine for the PDB:
You can encrypt all other tablespaces using this command:
alter tablespace SYSTEM encryption ONLINE encrypt;
HI,
Thanks for this post. However i have one question. As per your command,
alter tablespace SYSTEM encryption ONLINE encrypt;
Are we really need to encrypt SYSTEM tablespace?
Thank you very much..
https://docs.oracle.com/en/database/oracle/oracle-database/21/asoag/encryption-conversions-tablespaces-and-databases1.html#GUID-79072DFC-4DC6-4920-9B2A-D649123D15C7