TDE Master Key Upload Best Practices

Before uploading or resetting your TDE master encryption key, review the following best practices.
  1. Upload or Reset Your First Key with Oracle: You must perform the first key reset or upload along with Oracle. Contact your Oracle representative to schedule this.

  2. Review TDE Master Key Ownership & Responsibilities:
    • Review the list of service administrators who can perform the key upload or reset operation.

    • It is critical that you establish an internal policy for backing up and safeguarding the TDE master key.

    • Maintain an inventory of the keys you have used along with the dates on which they were used. Maintain backups of all keys for the duration specified in the Oracle Backup Retention Policy.

  3. Key Lifecycle Operations: Consider the following scheduled events before uploading or resetting your key:
    • Make sure other lifecycle operations, such as production-to-test, upgrade, or patching events, have not been scheduled.

    • Make a note of your organization’s peak usage period (for example, time of day, or end of the month/quarter/year).

    • DO NOT attempt to initiate a key reset or upload during such events or peak usage periods.

    • Always check for published event schedules in the Infrastructure Classic Console or the Applications Console.