Blog do Dibiei

Maicon Carneiro, Oracle ACE Pro ♠

OCI Transparent Data Encryption

Wallet com status OPEN_NO_MASTER_KEY em DB System OCI: Ajustando configuração com dbcli update-tdekey

ByMaicon Carneiro

May 3, 2021 #dbcli, #dbcli update-tdekey, #OCI DBCS, #OPEN_NO_MASTER_KEY

Um PDB foi criado no CDB do DB System na OCI, a wallet tem o status OPEN no CDB root e “OPEN_NO_MASTER_KEY” no PDB1:

SQL> SHOW PDBS;

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 PDB1                           READ WRITE NO

Consultando no CDB root:

SQL> SELECT WALLET_TYPE, STATUS  FROM V$ENCRYPTION_WALLET;

WALLET_TYPE          STATUS
-------------------- ------------------------------
AUTOLOGIN            OPEN

Consultando no PDB:

SQL> ALTER SESSION SET CONTAINER=PDB1;

Session altered.

SQL> SELECT WALLET_TYPE, STATUS  FROM V$ENCRYPTION_WALLET;

WALLET_TYPE          STATUS
-------------------- ------------------------------
AUTOLOGIN            OPEN_NO_MASTER_KEY

Precisamos definir a Master Encryption Key no PDB, a maneira mais simples de fazer isso é usar a automação oferecida pelo DBCLI, usando a função update-tdekey.

Primeiro precisamos identificar Database ID:

[root@db ~]# dbcli list-databases

ID                                       DB Name    DB Type  DB Version           CDB        Class    Shape    Storage    Status        DbHomeID
---------------------------------------- ---------- -------- -------------------- ---------- -------- -------- ---------- ------------ ----------------------------------------
3c44c053-2979-468c-85b7-ae195c006298     CDB1       Si       12.1.0.2.210119      true       Oltp              ASM        Configured   fd1c586b-6cfd-4d2a-8d86-506100312b07

Então usamos a função update-tdekey do dbcli, onde:

  • -i –> ID retornando no comando dbcli list-databases
  • -n –> Nome do PDB
  • -p –> Senha da wallet, por padrão é a mesma senha de Admin do DB System
[root@db ~]# dbcli update-tdekey -i 3c44c053-2979-468c-85b7-ae195c006298 -n PDB1 -p SenhaDbSystem

{
  "jobId" : "f12934f0-7ce6-4c57-a880-294f53d4c5da",
  "status" : "Created",
  "message" : null,
  "reports" : [ ],
  "createTimestamp" : "May 02, 2021 22:29:41 PM AMT",
  "resourceList" : [ ],
  "description" : "TDE update CDB1 - PDBs: [PDB1]",
  "updatedTime" : "May 02, 2021 22:29:48 PM AMT",
  "percentageProgress" : "0%",
  "cause" : null,
  "action" : null
}

Podemos consultar o status do JOB, é uma operação rápida:

[root@db ~]# dbcli describe-job -i f12934f0-7ce6-4c57-a880-294f53d4c5da

Job details
----------------------------------------------------------------
                     ID:  f12934f0-7ce6-4c57-a880-294f53d4c5da
            Description:  TDE update CDB1 - PDBs: [PDB1]
                 Status:  Success
                Created:  May 2, 2021 10:29:41 PM AMT
               Progress:  100%
                Message:

Tendo concluído o processo, podemos checar o status da wallet no PDB pelo SQLPLUS novamente:

[oracle@db ~]$ sqlplus / as sysdba

SQL*Plus: Release 12.1.0.2.0 Production on Sun May 2 22:31:06 2021

Copyright (c) 1982, 2014, Oracle.  All rights reserved.


Connected to:
Oracle Database 12c Standard Edition Release 12.1.0.2.0 - 64bit Production
With the Automatic Storage Management option

SQL> ALTER SESSION SET CONTAINER=PDB1;

Session altered.

SQL> SELECT WALLET_TYPE, STATUS FROM V$ENCRYPTION_WALLET;

WALLET_TYPE          STATUS
-------------------- ------------------------------
AUTOLOGIN            OPEN

By Maicon Carneiro

Related Post

Transparent Data Encryption

How to Convert Oracle TDE from Oracle Key Vault (OKV) to Local Wallet (FILE)

Jan 17, 2026 Maicon Carneiro
Security Transparent Data Encryption

Oracle TDE – User-Defined Key: Como Criar Uma Master Encryption Key (MEK) Com a Sua Própria Chave

Oct 9, 2024 Maicon Carneiro
Oracle Database Security Transparent Data Encryption

Como Recriar a Wallet TDE Sem a Senha Atual Com Merge Usando AUTOLOGIN

Oct 1, 2024 Maicon Carneiro
One thought on “Wallet com status OPEN_NO_MASTER_KEY em DB System OCI: Ajustando configuração com dbcli update-tdekey”

Leave a Reply to MIGRAR BANCO IAAS PARA PAAS – Blog DBA FocusCancel reply

Outros posts

Out-Of-Place Patching

Out-Of-Place Patching is Easier in Oracle 26ai Using “-setupHomeAs” To Install new GI and DB homes

6 de April de 2026 Maicon Carneiro
Performance

How to Identify the Plan Hash Value With the Shortest Average Execution Time for Each SQL_ID in the Cursor Cache and Create SPM Baselines

18 de March de 2026 Maicon Carneiro
Erros

gridSetup.sh -switchGridHome fails with PRVG-2031 : Owner of file “<GRID_HOME>/bin/oradism” did not match the expected value on node

15 de March de 2026 Maicon Carneiro
Exadata

How to Change the ADMIN Password in the Exadata RoCE Switches

12 de March de 2026 Maicon Carneiro

Discover more from Blog do Dibiei

Subscribe now to keep reading and get access to the full archive.

Continue reading