Encrypting Pluggable database in Oracle 19c by using the Oracle Transparent Data Encryption (TDE)
Posted by Mir Sayeed Hassan on April 23rd, 2024
Encrypting Pluggable database in Oracle 19c by using the Oracle Transparent Data Encryption (TDE).
Here will implement Transparent Data Encryption method in our Oracle 19c Test Environment, The Database should contain the Pluggable database init.
Check the database status, name , version of Oracle database
SYS @ ora19cdb > select status,version, open_mode from V$database, v$instance; STATUS VERSION OPEN_MODE ----------------------------------- OPEN 19.0.0.0.0 READ WRITE
Check the Container & Pluggable databases.
[oracle@ora19cdb ~]$ sqlplus / as sysdba SQL*Plus: Release 19.0.0.0.0 - Production on Tue Apr 23 03:46:39 2024 Version 19.18.0.0.0 Copyright (c) 1982, 2022, Oracle. All rights reserved. Connected to: Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production Version 19.18.0.0.0
Container DB
SYS @ ora19cdb > select name from v$database; NAME --------- ORA19CDB
Pluggable Databases
SYS @ ora19cdb > show pdbs CON_ID CON_NAME OPEN MODE RESTRICTED ---------- ------------------------------------- 2 PDB$SEED READ ONLY NO 3 PDB_TEST1 READ WRITE NO 4 PDB_TEST2 READ WRITE NO
Here we have PDB$SEED (Template PDB DB), 2 PDB’s
- ORA19CDB - It's My CDB DB & will only be encryping the USERS tablespace & the catalog. - PDB_TEST1, PDB_TEST2 are 2 PDB's, Here will be encrypting the USERS tablespace. - In single instance db, Will be using this location of the wallet as default cd $ORACLE_BASE/admin/ora19cdb/xdb_wallet - In RAC DB, Ensure each node has a identical copy., - If local file system, best practice use the $ORACLE_BASE location. - On shared filesystem, use the NFS/AFCS - On ASM, Use ASM Location as "+ORADATA/ORA19CDB/wallat"
Note:
– Backup of your wallet, without this wallet you cannot access to db after the encyption is implemented.
– Wallet backup should be a seperate from db, Incase if they placed on same location, anyone can access and read the backup.
– Incase if you have the standby database, The best method to convert to TDE with the standby database first., Here you will convert standby db to utilize TDE with a restore as encrypted and Primary DB is untouched
– After converted the standby, you will perform the SWITCHOVER (To Standby) and encrypt “Current Standby” Which was the Primary., Hence both are encrypted you will switch back & process will be completed.
Start the Process
Take a FULL DB Backup before starting this process, As we are going to use the “restore tablespace as encrypted” as this will allow to open db with minimal recovery
[oracle@ora19cdb ~]$ cd /u02/backup/rman/fulldb_backup
[oracle@ora19cdb fulldb_backup]$ rman target /
Recovery Manager: Release 19.0.0.0.0 - Production on Tue Apr 23 04:29:37 2024
Version 19.18.0.0.0
Copyright (c) 1982, 2019, Oracle and/or its affiliates. All rights reserved.
connected to target database: ORA19CDB (DBID=708841121)
RMAN> run {
backup as compressed backupset incremental level 0 database tag fulldb_backup format '/u02/backup/rman/fulldb_backup/df_%d_%T_%s.bck';
backup as compressed backupset archivelog all format '/u02/backup/rman/fulldb_backup/arch_%d_%T_%s.bck';
2> 3> 4> backup spfile format '/u02/backup/rman/fulldb_backup/spf_%d_%T_%s.bck';
backup current controlfile format '/u02/backup/rman/fulldb_backup/ctlfileL0_%d_%T.bck';
}
5> 6>
Starting backup at 23-APR-24
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=270 device type=DISK
channel ORA_DISK_1: starting compressed incremental level 0 datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00003 name=/u01/app/oracle/oradata/ORA19CDB/sysaux01.dbf
input datafile file number=00001 name=/u01/app/oracle/oradata/ORA19CDB/system01.dbf
input datafile file number=00004 name=/u01/app/oracle/oradata/ORA19CDB/undotbs01.dbf
input datafile file number=00007 name=/u01/app/oracle/oradata/ORA19CDB/users01.dbf
channel ORA_DISK_1: starting piece 1 at 23-APR-24
channel ORA_DISK_1: finished piece 1 at 23-APR-24
piece handle=/u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_1.bck tag=FULLDB_BACKUP comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:01:05
channel ORA_DISK_1: starting compressed incremental level 0 datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00010 name=/u01/app/oracle/oradata/ORA19CDB/pdb_test1/sysaux01.dbf
input datafile file number=00009 name=/u01/app/oracle/oradata/ORA19CDB/pdb_test1/system01.dbf
input datafile file number=00011 name=/u01/app/oracle/oradata/ORA19CDB/pdb_test1/undotbs01.dbf
input datafile file number=00012 name=/u01/app/oracle/oradata/ORA19CDB/pdb_test1/users01.dbf
channel ORA_DISK_1: starting piece 1 at 23-APR-24
channel ORA_DISK_1: finished piece 1 at 23-APR-24
piece handle=/u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_2.bck tag=FULLDB_BACKUP comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:35
channel ORA_DISK_1: starting compressed incremental level 0 datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00014 name=/u01/app/oracle/oradata/ORA19CDB/14684F4DE5513241E0638278A8C0F89E/datafile/o1_mf_sysaux_m007lyqn_.dbf
input datafile file number=00013 name=/u01/app/oracle/oradata/ORA19CDB/14684F4DE5513241E0638278A8C0F89E/datafile/o1_mf_system_m007lyoc_.dbf
input datafile file number=00015 name=/u01/app/oracle/oradata/ORA19CDB/14684F4DE5513241E0638278A8C0F89E/datafile/o1_mf_undotbs1_m007lyqo_.dbf
channel ORA_DISK_1: starting piece 1 at 23-APR-24
channel ORA_DISK_1: finished piece 1 at 23-APR-24
piece handle=/u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_3.bck tag=FULLDB_BACKUP comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:35
channel ORA_DISK_1: starting compressed incremental level 0 datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
input datafile file number=00006 name=/u01/app/oracle/oradata/ORA19CDB/pdbseed/sysaux01.dbf
input datafile file number=00005 name=/u01/app/oracle/oradata/ORA19CDB/pdbseed/system01.dbf
input datafile file number=00008 name=/u01/app/oracle/oradata/ORA19CDB/pdbseed/undotbs01.dbf
channel ORA_DISK_1: starting piece 1 at 23-APR-24
channel ORA_DISK_1: finished piece 1 at 23-APR-24
piece handle=/u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_4.bck tag=FULLDB_BACKUP comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:35
Finished backup at 23-APR-24
Starting backup at 23-APR-24
current log archived
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed archived log backup set
channel ORA_DISK_1: specifying archived log(s) in backup set
input archived log thread=1 sequence=59 RECID=1 STAMP=1167020755
input archived log thread=1 sequence=60 RECID=2 STAMP=1167021152
channel ORA_DISK_1: starting piece 1 at 23-APR-24
channel ORA_DISK_1: finished piece 1 at 23-APR-24
piece handle=/u02/backup/rman/fulldb_backup/arch_ORA19CDB_20240423_5.bck tag=TAG20240423T043232 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:03
Finished backup at 23-APR-24
Starting backup at 23-APR-24
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
including current SPFILE in backup set
channel ORA_DISK_1: starting piece 1 at 23-APR-24
channel ORA_DISK_1: finished piece 1 at 23-APR-24
piece handle=/u02/backup/rman/fulldb_backup/spf_ORA19CDB_20240423_6.bck tag=TAG20240423T043235 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 23-APR-24
Starting backup at 23-APR-24
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
including current control file in backup set
channel ORA_DISK_1: starting piece 1 at 23-APR-24
channel ORA_DISK_1: finished piece 1 at 23-APR-24
piece handle=/u02/backup/rman/fulldb_backup/ctlfileL0_ORA19CDB_20240423.bck tag=TAG20240423T043237 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 23-APR-24
Starting Control File and SPFILE Autobackup at 23-APR-24
piece handle=/u01/app/oracle/fast_recovery_area/ORA19CDB/autobackup/2024_04_23/o1_mf_s_1167021159_m2gwk7ds_.bkp comment=NONE
Finished Control File and SPFILE Autobackup at 23-APR-24
Hence the backup of CDB & PDB Database completed successfully.
Create a restore point.
SYS @ ora19cdb > create restore point bkp_pri_tde; Restore point created.
Set the location of the wallet_root, and the tde configuration., after this database need to bounced.
SYS @ ora19cdb > alter system set WALLET_ROOT='/u01/app/oracle/admin/ora19cdb/xdb_wallet/' scope=spfile; System altered.
Shutdown the DB & Startup
SYS @ ora19cdb > shut immediate SYS @ ora19cdb > shut startup SYS @ ora19cdb > alter pluggable database all open;
Set this PARAMAETER & Verify
SYS @ ora19cdb > alter system set tde_configuration='KEYSTORE_CONFIGURATION=FILE' scope=both; System altered.
SYS @ ora19cdb > show parameter WALLET_ROOT NAME TYPE VALUE ----------------------------------------------------------------------- wallet_root string /u01/app/oracle/admin/ora19cdb/xdb_wallet/
SYS @ ora19cdb > show parameter tde_configuration NAME TYPE VALUE ---------------------------------------------------------------- tde_configuration string KEYSTORE_CONFIGURATION=FILE
OR Verfiy by below query
SYS @ ora19cdb > set linesize 120 SYS @ ora19cdb > column wrl_parameter format a40 SYS @ ora19cdb > column wrl_type heading 'Type' format a10 SYS @ ora19cdb > column status heading 'Status' format a20 SYS @ ora19cdb > column fully_backed_up heading 'Backed Up' format a15 SYS @ ora19cdb > column pdb_name heading 'PDB Name' format a15 SYS @ ora19cdb > select b.name pdb_name,wrl_type,wrl_parameter,status,wallet_type,keystore_mode,fully_backed_up from v$encryption_wallet a,v$containers b where a.con_id = b.con_id(+); PDB Name Type WRL_PARAMETER Status WALLET_TYPE KEYSTORE Backed Up ---------- ---------- -------------------------------------------------- ------------------------------ ------------------ CDB$ROOT FILE /u01/app/oracle/admin/ora19cdb/xdb_wallet//tde/ NOT_AVAILABLE UNKNOWN NONE UNDEFINED PDB$SEED FILE NOT_AVAILABLE UNKNOWN UNITED UNDEFINED PDB_TEST1 FILE NOT_AVAILABLE UNKNOWN UNITED UNDEFINED PDB_TEST2 FILE NOT_AVAILABLE UNKNOWN UNITED UNDEFINED
– Here all PDBs, and that the status is “NOT_AVAILABLE” as i have not created a wallet or any master keys yet.
– The keystore is UNITED, It means all the keys of both CDB & all PDBs are assumed to be contained in the same Wallet file.
– TDE Wallet file is default as created above WALLET_ROOT/tde directory for the CDB.
Let us create keystore & open it for CDB, All PDBs.
First: Create the directory to hold the keystore wallet at OS Level.
[oracle@ora19cdb ~]$ mkdir -p /u01/app/oracle/admin/ora19cdb/xdb_wallet/tde
Create keystore for CDB
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ora19cdb/xdb_wallet/tde' IDENTIFIED BY "F1LETDE2024"; keystore altered.
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "F1LETDE2024"; keystore altered.
Create Keystore for PDBs
SYS @ ora19cdb > show pdbs CON_ID CON_NAME OPEN MODE RESTRICTED ---------- ------------------------------------- 2 PDB$SEED READ ONLY NO 3 PDB_TEST1 READ WRITE NO 4 PDB_TEST2 READ WRITE NO
SYS @ ora19cdb > alter session set container=PDB_TEST1; Session altered.
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "F1LETDE2024" CONTAINER = CURRENT; keystore altered.
SYS @ ora19cdb > alter session set container=PDB_TEST2; Session altered.
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "F1LETDE2024" CONTAINER = CURRENT; keystore altered.
Note:
– Here each PDB shares the keystore with the CDB & It’s in Isolated Mode
– Therefore let us create the Individual Keystore for each PDB and they would be subdirectories under the WALLET_ROOT Location as above.
Let’s check the encryption settings in v$encryption_wallet. Below you can see that there is a single wallet setting (UNITED keystore), and the status is “OPEN_NO_MASTER_KEY” and master key has not been set for CDB, or the PDBs.
SYS @ ora19cdb > set linesize 300 SYS @ ora19cdb > select b.name pdb_name,wrl_type,wrl_parameter,status,wallet_type,keystore_mode,fully_backed_up from v$encryption_wallet a,v$containers b where a.con_id = b.con_id(+); PDB Name Type WRL_PARAMETER Status WALLET_TYPE KEYSTORE Backed Up --------------- ---------- ---------------------------------------- -------------------- -------------------- --------------------- CDB$ROOT FILE /u01/app/oracle/admin/ora19cdb/xdb_wallet//tde/ OPEN_NO_MASTER_KEY PASSWORD NONE UNDEFINED PDB$SEED FILE CLOSED UNKNOWN UNITED UNDEFINED PDB_TEST1 FILE OPEN_NO_MASTER_KEY PASSWORD UNITED UNDEFINED PDB_TEST2 FILE OPEN_NO_MASTER_KEY PASSWORD UNITED UNDEFINED
Let’s create the master keys for the CDB & all PDB., A master key is needed to encrypt the tablespace encryption keys stored in the datafiles.
CDB
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET encryption KEY using tag 'TDE_ORA19CDB MASTERKEY_23_APRIL_2024' IDENTIFIED BY "F1LETDE2024" WITH BACKUP USING 'TDE_ORA19CDB_TDEKEY_23_APRIL_2024_BKP'; keystore altered.
PDBs
SYS @ ora19cdb > alter session set container=PDB_TEST1; Session altered.
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET encryption KEY using tag 'TDE_PDB_TEST1 MASTERKEY_23_APRIL_2024' IDENTIFIED BY "F1LETDE2024" WITH BACKUP USING 'TDE_PDB_TEST1_TDEKEY_23_APRIL_2024_BKP' container=current; keystore altered.
SYS @ ora19cdb > alter session set container=PDB_TEST2; Session altered.
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET encryption KEY using tag 'TDE_PDB_TEST2 MASTERKEY_23_APRIL_2024' IDENTIFIED BY "F1LETDE2024" WITH BACKUP USING 'TDE_PDB_TEST2_TDEKEY_APRIL_2024_BKP' container=current; keystore altered.
Note: Use the tag to identifies the key with the CDB or PDB.
Verify once again to see all the wallet is open for all CDBs/PDBs except for the PDB$SEED. The wallet type is “PASSWORD” which means that the wallet needs to be manually opened with a password.
SYS @ ora19cdb > select b.name pdb_name,wrl_type,wrl_parameter,status,wallet_type,keystore_mode,fully_backed_up from v$encryption_wallet a,v$containers b where a.con_id = b.con_id(+); PDB Name Type WRL_PARAMETER Status WALLET_TYPE KEYSTORE Backed Up --------------- ---------- ---------------------------------------- -------------------- ----------------------------------- CDB$ROOT FILE /u01/app/oracle/admin/ora19cdb/xdb_wallet//tde/ OPEN PASSWORD NONE NO PDB$SEED FILE CLOSED UNKNOWN UNITED UNDEFINED PDB_TEST1 FILE OPEN PASSWORD UNITED NO PDB_TEST2 FILE OPEN PASSWORD UNITED NO
As of now we have master key set & the wallet is open, let’s implement the TDE by encrypted the tablespace in PDBs,
Note:
– There is another option is to encrypt online from Oracle Db 12C & above versions, In this case the db will excrypt each datafile in tablespace sequentially while db is online and active state.
– If its online it takes much longer than performing a restore as datafile are encrypted ” restore tablespace as encrypted”
– This process require more storage.
Now startup mount and open the wallets, restore 2 PDBs users tablespaces, along with the users tablespace in CDB, and then recover and open the database.
SYS @ ora19cdb > shutdown immediate; SYS @ ora19cdb > startup mount;
Open the wallet for CDB
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "F1LETDE2024"; keystore altered.
Open the wallet for PDBs
SYS @ ora19cdb > alter session set container=PDB_TEST1; Session altered.
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "F1LETDE2024" CONTAINER = CURRENT; keystore altered.
SYS @ ora19cdb > alter session set container=PDB_TEST2; Session altered.
SYS @ ora19cdb > ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "F1LETDE2024" CONTAINER = CURRENT; keystore altered.
Start the Restore users tablespace for CDB
RMAN> restore tablespace users as encrypted; Starting restore at 23-APR-24 allocated channel: ORA_DISK_1 channel ORA_DISK_1: SID=13 device type=DISK channel ORA_DISK_1: starting datafile backup set restore channel ORA_DISK_1: specifying datafile(s) to restore from backup set channel ORA_DISK_1: restoring datafile 00007 to /u01/app/oracle/oradata/ORA19CDB/users01.dbf channel ORA_DISK_1: reading from backup piece /u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_1.bck channel ORA_DISK_1: piece handle=/u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_1.bck tag=FULLDB_BACKUP channel ORA_DISK_1: restored backup piece 1 channel ORA_DISK_1: restore complete, elapsed time: 00:00:01 Finished restore at 23-APR-24
Start the Restore users tablespace for PDBs
RMAN> restore tablespace PDB_TEST1:users as encrypted; Starting restore at 23-APR-24 using channel ORA_DISK_1 channel ORA_DISK_1: starting datafile backup set restore channel ORA_DISK_1: specifying datafile(s) to restore from backup set channel ORA_DISK_1: restoring datafile 00012 to /u01/app/oracle/oradata/ORA19CDB/pdb_test1/users01.dbf channel ORA_DISK_1: reading from backup piece /u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_2.bck channel ORA_DISK_1: piece handle=/u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_2.bck tag=FULLDB_BACKUP channel ORA_DISK_1: restored backup piece 1 channel ORA_DISK_1: restore complete, elapsed time: 00:00:01 Finished restore at 23-APR-24
RMAN> restore tablespace PDB_TEST2:users as encrypted; Starting restore at 23-APR-24 using channel ORA_DISK_1 channel ORA_DISK_1: starting datafile backup set restore channel ORA_DISK_1: specifying datafile(s) to restore from backup set channel ORA_DISK_1: restoring datafile 00012 to /u01/app/oracle/oradata/ORA19CDB/pdb_test2/users01.dbf channel ORA_DISK_1: reading from backup piece /u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_2.bck channel ORA_DISK_1: piece handle=/u02/backup/rman/fulldb_backup/df_ORA19CDB_20240423_2.bck tag=FULLDB_BACKUP channel ORA_DISK_1: restored backup piece 1 channel ORA_DISK_1: restore complete, elapsed time: 00:00:01 Finished restore at 23-APR-24
Recover Database
[oracle@ora19cdb ~]$ rman target / Recovery Manager: Release 19.0.0.0.0 - Production on Tue Apr 23 06:33:26 2024 Version 19.18.0.0.0 Copyright (c) 1982, 2019, Oracle and/or its affiliates. All rights reserved. connected to target database: ORA19CDB (DBID=708841121, not open) RMAN>recover database; Starting recover at 23-APR-24 using target database control file instead of recovery catalog allocated channel: ORA_DISK_1 channel ORA_DISK_1: SID=9 device type=DISK starting media recovery media recovery complete, elapsed time: 00:00:01 Finished recover at 23-APR-24
Open the database
RMAN> alter database open; Statement processed
Verify the all new tablespaces are encrypted by default, set the below parameter to set tablespace are encrypted
SYS @ ora19cdb > alter system set encrypt_new_tablespaces = ALWAYS scope = both; System altered.
Note: By default it’s CLOUD_ONLY.
Encrypt all credentials that contained in the root container
In order to encrypt all credentials (like scheduler credentials, and DB Link credentials) that are stored in the system catalogs, you need to login as a user granted “SYSKM” role and execute
Verify the tablespace are encrypted
set linesize 150
set pagesize 50
column pdb_name heading "PDB Name" format a15
column tablespace_name heading "Tablespace Name" format a30
column masterkeyid_base64 heading "Master Key ID" format a60
column encrypted heading "Encrypted" format a10
break on pdb_name skip 1
select pdb_name,
tablespace_name,encrypted,
utl_raw.cast_to_varchar2( utl_encode.base64_encode('01'||substr(mkeyid,1,4))) || utl_raw.cast_to_varchar2( utl_encode.base64_encode(substr(mkeyid,5,length(mkeyid)))) masterkeyid_base64
FROM (select t.name tablespace_name,
z.name pdb_name,
t.con_id, encrypted,
RAWTOHEX(x.mkid) mkeyid
from v$tablespace t,
x$kcbtek x,
v$containers z,
cdb_tablespaces q
where t.ts#=x.ts#
and t.con_id=x.con_id
and t.con_id=z.con_id
and t.con_id = q.con_id
and t.name = q.tablespace_name)
order by pdb_name,tablespace_name;
PDB Name Tablespace Name Encrypted Master Key ID
--------------- ------------------------------ ---------- -----------------------------------
CDB$ROOT SYSAUX NO ASAytFXfUE+nv5lm/aoN5ow=
SYSTEM NO ASAytFXfUE+nv5lm/aoN5ow=
TEMP NO ASAytFXfUE+nv5lm/aoN5ow=
UNDOTBS1 NO ASAytFXfUE+nv5lm/aoN5ow=
USERS YES ASAytFXfUE+nv5lm/aoN5ow=
PDB_TEST1 SYSAUX NO AWmWCHpdJU8yv8wgjDE2/RI=
SYSTEM NO AWmWCHpdJU8yv8wgjDE2/RI=
TEMP NO AWmWCHpdJU8yv8wgjDE2/RI=
UNDOTBS1 NO AWmWCHpdJU8yv8wgjDE2/RI=
USERS YES AWmWCHpdJU8yv8wgjDE2/RI=
PDB_TEST2 SYSAUX NO ARRhTLfHn0/iv+nPx8bsYZc=
SYSTEM NO ARRhTLfHn0/iv+nPx8bsYZc=
TEMP NO ARRhTLfHn0/iv+nPx8bsYZc=
UNDOTBS1 NO ARRhTLfHn0/iv+nPx8bsYZc=
USERS YES ARRhTLfHn0/iv+nPx8bsYZc=
Verify all the TDE Files exist at OS Level
[oracle@ora19cdb ~]$ cd /u01/app/oracle/admin/ora19cdb/xdb_wallet/tde/ [oracle@ora19cdb tde]$ ls ewallet_2024042309214506_TDE_ORA19CDB_TDEKEY_23_APRIL_2024_BKP.p12 ewallet_2024042309230323_TDE_PDB_TEST2_TDEKEY_APRIL_2024_BKP.p12 ewallet_2024042309223381_TDE_PDB_TEST1_TDEKEY_23_APRIL_2024_BKP.p12 ewallet.p12