Transparent Data Encryption
This article describes Transparent Data Encryption for Base Database Service.
All user-created tablespaces in a DB system database are encrypted by default, using Transparent Data Encryption (TDE).
- On a 1- or 2-node RAC DB system, you can use the TDE commands to update the master encryption key for a database.
- You must create and activate a master encryption key for any PDBs that
you create. After creating or plugging in a new PDB on a 1- or 2-node RAC DB System,
use the
dbcli update-tdekeycommand to create and activate a master encryption key for the PDB. Otherwise, you might encounter the errorORA-28374: typed master key not found in walletwhen attempting to create tablespaces in the PDB. In a multitenant environment, each PDB has its own master encryption key which is stored in a single keystore used by all containers. - For version 12c databases, if you don’t want your tablespaces
encrypted, you can set the
ENCRYPT_NEW_TABLESPACESdatabase initialization parameter toDDL.
For more information about:
- changing an existing TDE wallet password using the OCI Console, see Manage Administrator and TDE Wallet Passwords.
- TDE commands, see TDE Commands.
- TDE, see Quick-start Setup Guide for Wallet Based Transparent Data Encryption.
Related Topics
Copyright © 2022, 2025, Oracle and/or its affiliates.