Monday, April 3, 2017

Enable master key Encryption Key for a PDB on the cloud

SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;Master Key Encryption allow you to encrypt sensitive data, such as credit card numbers, stored in table columns. Encrypted data is transparently decrypted for a database user who has access to the data. Transparent data encryption helps protect data stored on media in the event that the storage media or data file gets stolen for more information about it here.

After creating Database on the cloud ( Dbaas ) you can enable the master key by using the below steps :-


  • First of all you need to check the name of the container that you want to enable master key.
    • select con_id, dbid, name from v$pdbs;

  • as you see my container name is PDB1 set the session to this.
    • ALTER SESSION SET CONTAINER = PDB1;

  • Check the location for the wallet by running the below query :-
    • SELECT wrl_parameter, status, wallet_type FROM v$encryption_wallet;

  • Back to Root Container run the below query to see the wallet parameter type there is two value autologin or password each one of them having it's own usage, in my case the value set to password.

  • Now i should close the wallet depend on the wallet type in my case it's set as password then i will use the below  for more information about ADMINISTER KEY MANAGEMENT here
    • ADMINISTER KEY MANAGEMENT SET KEYSTORE close IDENTIFIED BY Mypassword;

  • When i tried to open the wallet using the same password i set it before. 
    • ADMINISTER KEY MANAGEMENT SET KEYSTORE open IDENTIFIED BY MyPassword CONTAINER=all

But my wallet is closed, i found oracle support document here Document number 1944507.1 which discuss this error and provide a solution for this error you can back to this document.

Once you apply the solution you will be able to open the wallet as below.






Welcome to TDE on the cloud.

Thank you
Osama Mustafa

No comments:

Post a Comment