1. Installation and Configuration Guide
  2. Post-installation
  3. Transparent Data Encryption (TDE)
  4. Configure a Software Keystore and Encrypted Tablespace Creation
  5. Open the Software Keystore

7.27.1.3 Open the Software Keystore

Depending on the type of keystore you create, you must manually open the keystore before you can use it.

You must not manually open auto-login or local auto-login software keystores. These keystores are automatically opened when it is required, that is when an encryption operation must access the key. If necessary, you can explicitly close any of these types of keystores. You can check the status of whether a keystore is open, closed, open but with no master key, or open but with an unknown master key by querying the STATUS column of the V$ENCRYPTION_ WALLET view.

After you open a keystore, it remains open until you manually close it. Each time you restart a database instance, you must manually open the password keystore to re-enable encryption and decryption operations.

Perform the following steps to open the software wallet:

  1. Log in as sysdba or user with ADMINISTER KEY MANAGEMENT or SYSKM privilege.
  2. Use the following command to open password-based software keystore:

    CONN sys/password@serviceid AS SYSDBA

    ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY software_keystore_password [CONTAINER = ALL | CURRENT];

    • software_keystore_password is the same password that you used to create the keystore in "Step 2: Create the Software Keystore".
    • CONTAINER is for use in a multitenant environment. Enter ALL to set the keystore in all of the PDBs in this CDB, or CURRENT for the current PDB.

      Note:

      • In a CDB, open the Keystore in the ROOT (CDB$ROOT) container and in all the associated PDBs, where TDE is enabled.
      • You must not manually open auto-login or local auto-login software Keystores.