Hello Firends,
In this post we will discuss , How to configure key after adding new PDB in Database using TED .
So lets get started .
So in this senario we are adding a new pdb and we are getting an error while creating tablespace
Error : ORA-28361: master key not yet set
ORA-28361 is an Oracle error code that typically indicates that the master encryption key for Transparent Data Encryption (TDE) has not been set. TDE is a feature in Oracle that allows encryption of sensitive data in the database.
Here are some steps you can take to diagnose and potentially resolve this error:
Create Pluggable database
SQL> create pluggable database BIGBD ADMIN USER Admin IDENTIFIED BY Password#;
Pluggable database created.
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 TT4P READ WRITE NO
4 BIGBD MOUNTED
SQL>
Open PDB in read write :
SQL> alter pluggable database BIGBD open read write;
Pluggable database altered.
SQL> show pdbs
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 TT4P READ WRITE NO
4 BIGBD READ WRITE NO
Connect to PDB :
SQL> alter session set container=BIGBD;
Session altered.
Create Tablespace Error : ORA-28361: master key not yet set
SQL> create tablespace bigtab datafile '+DATAC1' size 2G autoextend on next 500M maxsize 10G;
create tablespace bigtab datafile '+DATAC1' size 2G autoextend on next 500M maxsize 10G
*
ERROR at line 1:
ORA-28361: master key not yet set
Check the wallet : issue OPEN_NO_MASTER_KEY
SQL> select * from v$encryption_wallet;
INST_ID WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID
---------- -------------------- ---------------------------------------- ------------------------------ -------------------- --------- -------- --------- ----------
1 FILE OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNITED NO 4
Create a encryption key for PDB : You should be in PDB to create this :
SQL> administer key management create encryption key using tag 'bigbd_key' force keystore identified by "Welcome1#" with backup using 'bigbd_rekey';
keystore altered.
check the key generated :
SQL> select key_id from v$encryption_keys where tag='bigbd_key';
KEY_ID
------------------------------------------------------------------------------
AYA+KPWPME/6v8PY0PLs/UYAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Use the key for the keystore using password
SQL> administer key management use encryption key 'AYA+KPWPME/6v8PY0PLs/UYAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' force keystore identified by "Password#" with backup;
keystore altered.
Now try to create the tablespace it will work as below :
SQL> create tablespace bigtab datafile '+DATAC1' size 2G autoextend on next 500M maxsize 10G;
Tablespace created.
Check the wallet now :
SQL> col WRL_PARAMETER for a40
SQL> set lines 200
SQL> select * from gv$encryption_wallet;
INST_ID WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR KEYSTORE FULLY_BAC CON_ID
---------- -------------------- ---------------------------------------- ------------------------------ -------------------- --------- -------- --------- ----------
1 FILE OPEN AUTOLOGIN SINGLE UNITED NO 4
2 FILE OPEN AUTOLOGIN SINGLE UNITED NO 4
SQL>
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
4 BIGBD READ WRITE NO
Hope this helps ,
Note This solution is senario based , Check in test before use .
ConversionConversion EmoticonEmoticon