Controlling TDE Keys

This topic does not apply to Oracle Cloud at Customer.

As a service administrator, you can set up and control keys from My Services to secure your data on Oracle Cloud. You can set up keys for Oracle Cloud services such as Oracle HCM Cloud Service, Oracle Sales Cloud Service, or Oracle ERP Cloud Service from the Manage TDE Key page, if enabled for the service.

To learn more about the service administrator role, see Oracle Cloud User Roles and Privileges.

The following elements are involved in data encryption:
  • Transportation Key: The public key that you download from Oracle Cloud

  • TDE Master Encryption Key: The key that you generate on your premises

  • Encrypted Key File: The file that stores the TDE Master Encryption Key encrypted with the Transportation Key

You can do the following operations from the Manage TDE Key page:
  • Download the Oracle public key and use it to encrypt your own TDE master encryption key.

  • Upload your new encrypted TDE master encryption key.

  • Reset your key: You can replace the given key with your own TDE master encryption key. You must use OpenSSL to generate your own key for replacing the existing master encryption key.

  • Revoke your key: Delete your TDE master encryption key and shut down the system.

  • Restore your key: Restore your key and the system after the revoke operation. You can restore the system only if you provide the exact key that was revoked.
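
The sketch below is an added example, not Oracle's documented procedure. It shows the on-premises side of the operations above with OpenSSL: generate a master key, encrypt it with the Transportation Key, and record a SHA-256 fingerprint so that the exact key can be verified before a restore. The 32-byte key length, OAEP padding, file names, and function names are assumptions, and a locally generated RSA key pair stands in for the Transportation Key you download; use the parameters your service specifies.

```shell
#!/bin/sh
# Added example. Key size, padding and file names are assumptions.
set -eu

# wrap_master_key PUBKEY_PEM OUT_DIR
# Writes OUT_DIR/master.key (cleartext, keep it offline and escrowed) and
# OUT_DIR/master.key.enc (the Encrypted Key File to upload), then prints
# the SHA-256 fingerprint of the cleartext key.
wrap_master_key() (
  umask 077                                  # key files readable by owner only
  openssl rand -out "$2/master.key" 32       # assumed 256-bit master key
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$2/master.key" -out "$2/master.key.enc"
  openssl dgst -sha256 -r "$2/master.key" | cut -d' ' -f1
)

# key_matches KEY_FILE EXPECTED_SHA256
# Succeeds only if KEY_FILE is byte-for-byte the key that was fingerprinted.
# Run this on the escrowed copy before attempting a restore.
key_matches() (
  actual="$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)"
  [ "$actual" = "$2" ]
)

# demo_roundtrip: constructed end-to-end check with a stand-in key pair.
# In real use the public key is the downloaded Transportation Key and the
# private key never leaves the service side.
demo_roundtrip() (
  d="$(mktemp -d)"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/priv.pem" 2>/dev/null
  openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem"
  fp="$(wrap_master_key "$d/pub.pem" "$d")"
  # Unwrap with the stand-in private key to confirm the file round-trips.
  openssl pkeyutl -decrypt -inkey "$d/priv.pem" \
    -pkeyopt rsa_padding_mode:oaep \
    -in "$d/master.key.enc" -out "$d/unwrapped.key"
  if key_matches "$d/unwrapped.key" "$fp"; then echo match; else echo mismatch; fi
  rm -rf "$d"
)

demo_roundtrip
```

Store the fingerprint separately from the cleartext key: it lets you confirm that an escrowed copy is the revoked key without exposing the key itself.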