Encrypting Multiple Oracle Databases with one Command

You can now prepare multiple databases for encryption and encrypt all of them using one command. Before you begin, please review Enabling TDE on a Non-Encrypted Oracle Database using Scripts.

Most of the commands in this section use the following options:

Option Description

Option	Description
`[-all]`	Apply the operation to all databases.
`[-dblist <dblist_file>]`	Apply the operations to all databases listed in the dblist file. The dblist file should contain a newline-separated list of database SIDs.

[-all]

Apply the operation to all databases.

[-dblist <dblist_file>]

Apply the operations to all databases listed in the dblist file.

The dblist file should contain a newline-separated list of database SIDs.

Procedure

List the available databases using the following command:
Copy
```
./encrypt.sh listdatabases
```
Note: If the Oracle server does not have Clusterware set up, you will be prompted to provide the path to the Oracle Home directory ($ORACLE_HOME). If you have multiple ORACLE_HOME directories, you will need to run the command for each ORACLE_HOME directory.
Prepare to encrypt the databases using the following command:
Copy
```
./encrypt.sh setenv -all
```
This is an interactive process that will prompt for the necessary information, such as the software wallet password. If you do not want to encrypt all of the databases, use the -dblist <dblist_file> option.
If your databases are NOT encrypted with a software keystore, use the following command to encrypt all the prepared databases:
Copy
```
./encrypt.sh encrypt -all
```
Note: If you do not want to encrypt all of the databases, use the -dblist <dblist_file> option.
If your databases are already encrypted with a software keystore, use the following command to migrate all the prepared databases to CSP Vault-based encryption:
Copy
```
./encrypt.sh migrate -all
```
Note: If you do not want to encrypt all of the databases, use the -dblist <dblist_file> option.
Optionally check the encryption or migration status of the prepared databases using the following command:
Copy
```
./encrypt.sh status -all
```
Set up auto login for all the CSP Vault-based encrypted databases using the following command:
Copy
```
./encrypt.sh setup_auto_login -all
```
If you are using Data Guard, and your databases are not yet encrypted, do the following:
1. Ensure that you have encrypted the databases (Step 3).
2. Set up the standby server using the following command:
  Copy
```
./encrypt.sh standby setup -all
```
If you are using Data Guard, and your databases are encrypted using software wallet, do the following:
1. Ensure that you have migrated the databases on the primary to CSP Vault-based encryption (Step 4) and set up auto login (step 6).
2. Copy all the wallet files from the primary to the standby server.
3. Resync the standby server using the following command:
  Copy
```
./encrypt.sh standby resync -all
```