Restoring Your TDE Master Encryption Key

You can restore the services that were shut down when the TDE master encryption key was revoked, by uploading the same revoked key in Infrastructure Classic Console or Applications Console. Ensure that you provide the exact same key that was revoked; otherwise, the operation will fail.

The process of restoring your master encryption key is akin to key reset. However, you needn’t generate a new key during key restoration. You only need to download the public transportation key, use it to encrypt the Master TDE Key, which is similar to the key reset operation.

To restore your services and upload the encrypted key:

Sign in to Applications Console or Infrastructure Classic Console.
Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Infrastructure Console.
In the Cloud Services section, click the Action icon on the service tile to open the Service Details page. The Overview tile is in focus.
Click the Manage TDE Key tile.
Click Download Public Transport Key.
Note that you must always use the latest public key for every transaction. Because you are restoring a key that was used previously, you must use the same key, but encrypt it with the latest public key.
Click Choose operation and select Restore TDE Master Key. Note that this operation is only enabled when the key has been revoked.
Browse and select the exact TDE master encrypted key that was revoked.
Provide the same valid checksum that you used during the reset key operation.
Click Upload Encrypted TDE Master Key to upload your encrypted key.
If successful, a message is displayed along with the progress of the restore operation.