Resetting TDE Master Encryption Key

After you generate your key and encrypt it, you can replace the given TDE master encryption key with the key you generated. You must follow the instructions to generate your own key. If not, the reset key operation will fail.

See Generating Your TDE Master Key.

To reset the given key:

Sign in to Applications Console or Infrastructure Classic Console.
Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Infrastructure Console.
In the Cloud Services section, click the Action icon on the service tile and select View Details to open the Service Details page. The Overview tile is in focus.
Click the Manage TDE Key tile.
Click Choose operation and select Reset TDE Master Key.
Click Browse and select your encrypted TDE master key.
Provide the checksum you generated as part of the key generation procedure. Copy and paste the checksum in the text box.
Click Upload Encrypted TDE Master Key to upload your encrypted key.
In the Warning window, click Yes to continue.

The TDE master key is replaced with your own TDE encrypted key.

Note:

Make a copy of your key and keep it safely. If you have any old keys (history), you must keep them safe as well. This is required during restoration of backups. When restoring your backup, you must provide the corresponding key that was used for the backup to Oracle. If you lose your old keys, the corresponding backup can’t be restored.