Setting up Transparent Data Encryption(TDE) in Oracle

1. Check for wallet existence and open status.

   SELECT * FROM V$ENCRYPTION_WALLET;

2. If the wallet exists and is not open, open the wallet with the password used during creation.

   ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY <wallet password>;

3. If the wallet does not exist, create a wallet as follows, otherwise proceed to step 4.

   1. The wallet is created at the location specified in the sqlnet.ora file in the $ORACLE_HOME\network\admin directory. Add the following entry in the sqlnet.ora file. Specify a directory name in place of <directory>.

      ENCRYPTION_WALLET_LOCATION = (SOURCE=(METHOD=FILE)(METHOD_DATA = (DIRECTORY=<directory>)))

   2. Create the wallet with the following command

      ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY <wallet password>;

4. Encrypting the USERS Tablespace.

   1. Check if the USERS tablespace is encrypted.

      SELECT TABLESPACE_NAME, ENCRYPTED FROM DBA_TABLESPACES where TABLESPACE_NAME = 'USERS';

   2. If the ENCRYPTED column value is 'YES', proceed to the "Import the Databases" section.

   3. If the ENCRYPTED column value is 'NO', continue with the following steps.

      1. Take the USERS tablespace offline.

         ALTER TABLESPACE USERS OFFLINE;

      2. Encrypt the USERS tablespace and bring it back online.

         ALTER TABLESPACE USERS ENCRYPTION OFFLINE ENCRYPT; ALTER TABLESPACE USERS ONLINE;

      3. Verify the USERS tablespace is now encrypted. The ENCRYPTED column value should show 'YES'.

         SELECT TABLESPACE_NAME, ENCRYPTED FROM DBA_TABLESPACES where tablespace_name = 'USERS';

         Note: If there are other tablespaces containing application data, repeat step 4 for each tablespace.