1.10 Transparent Data Encryption

This topic provides information on Transparent Data Encryption.

Introduction

Transparent Data Encryption (TDE) enables to encrypt sensitive data, such as Personally Identifiable Information stored in tables and tablespaces.

After the data is encrypted, this data is transparently decrypted for authorized users or applications when they access this data.

TDE helps protect data stored on media (also called data at rest) in the event that the storage media or data file is stolen.

Oracle Database uses authentication, authorization, and auditing mechanisms to secure data in the database, but not in the operating system data files where data is stored. To protect these data files, Oracle Database provides Transparent Data Encryption (TDE).

TDE encrypts sensitive data stored in data files. To prevent unauthorized decryption, TDE stores the encryption keys in a security module external to the database, called a keystore.

Enable TDE for Database

Refer Installation manual database to enable TDE for a database.