Oracle TDE Key Rotation

The rekey operation is initiated in Oracle Server. The Oracle Server deactivates the existing key and creates a new master key. The encryption key is then wrapped using the new master key.

Important: You cannot rotate the Oracle TDE Key from the Cryptographic Security Platform Vault for Databases.

  1. Ensure that the hardware wallet is open.

  2. Run the following command: 

    ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "file:/opt/oracle/entrust/orcl.conf" CONTAINER = ALL;

    Note: To use the FORCE option, run the following command instead:

    ADMINISTER KEY MANAGEMENT SET KEY FORCE IDENTIFIED BY "file:/opt/oracle/entrust/orcl.conf" CONTAINER = ALL;
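The following queries are an added example, not part of the original procedure, for checking the precondition in step 1 and confirming that the rekey in step 2 reached every container. They use the standard V$ENCRYPTION_WALLET and V$ENCRYPTION_KEYS views. Assumptions: the session is connected to CDB$ROOT with read access to these views, the hardware wallet is reported with WRL_TYPE = 'HSM', and the 10-minute window is an arbitrary value to adjust.

```sql
-- Added example: verification queries around the rekey, run from CDB$ROOT.
-- Assumption: the session can read V$ENCRYPTION_WALLET and V$ENCRYPTION_KEYS.

-- 1. Before the rekey: list every container whose hardware keystore is not
--    in the OPEN state. No rows returned means step 1 holds everywhere.
--    Assumption: the hardware wallet appears with WRL_TYPE = 'HSM'.
SELECT con_id, wrl_type, status
FROM   v$encryption_wallet
WHERE  wrl_type = 'HSM'
AND    status  <> 'OPEN'
ORDER  BY con_id;

-- 2. After the rekey: show the most recently activated master key for each
--    container, so the new KEY_ID and its activation time can be recorded.
SELECT con_id, key_id, keystore_type, activation_time
FROM  (SELECT k.con_id, k.key_id, k.keystore_type, k.activation_time,
              ROW_NUMBER() OVER (PARTITION BY k.con_id
                                 ORDER BY k.activation_time DESC) AS rn
       FROM   v$encryption_keys k
       WHERE  k.activation_time IS NOT NULL)
WHERE  rn = 1
ORDER  BY con_id;

-- 3. After the rekey: list containers whose newest key was activated more
--    than 10 minutes ago (assumed window), i.e. containers the
--    CONTAINER = ALL rekey did not reach. Containers with no key rows at
--    all do not appear here and must be checked separately.
SELECT con_id, MAX(activation_time) AS newest_key_activated
FROM   v$encryption_keys
GROUP  BY con_id
HAVING MAX(activation_time) < SYSTIMESTAMP - INTERVAL '10' MINUTE
ORDER  BY con_id;
```

An empty result from queries 1 and 3, together with a fresh ACTIVATION_TIME per container in query 2, indicates the rotation completed in all containers.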