Skip to Main Content
  • Questions
  • Reusing masterkeys in TDE once reset

Breadcrumb

May 4th

Question and Answer

Connor McDonald

Thanks for the question, jithu.

Asked: June 08, 2023 - 6:26 am UTC

Last updated: June 12, 2023 - 4:29 am UTC

Version: 19.16

Viewed 1000+ times

You Asked

Hi Team

We are implementing a change data capture setup in our environment where the source database has TDE in place. The encryption is performed using oracle key management and we would want to know till how long the old masterkey will be valid once after we reset the masterkey either automatically based on the 180 days timeline or manually

and Connor said...

I'm not sure what you mean by "use the old masterkey". Master keys *stay* in the keystore , eg

SQL> select key_id, con_id, tag from  V$ENCRYPTION_KEYS;

KEY_ID         CON_ID TAG
------------------------------------------------------------ ---------- ----------------------------------------
AbJFXMc8JU+iv/icpuK9pugAAAAAAAAAAAAAAAAAAAAAAAAAAAAA        4 first master key all
ASAFYJUH9E+pvwSnPNt5ngIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA        4 rekey all
AQiX5W3Z9U/yv0tofN40hqgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA        1 rekey all
AQX/QNJB/097v92/0roZblgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA        1 first master key cdb
AeMcgi85z08fvxyvToU5KC8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA        1 first master key all
AdvotYCtj0/+v9/u81AjGxYAAAAAAAAAAAAAAAAAAAAAAAAAAAAA        3 first master key all
AbeBjmW0xU/lv82VX2QVraQAAAAAAAAAAAAAAAAAAAAAAAAAAAAA        3 rekey all


and there is no way to remove them (MOS note 2216279.1 talks about how to do this, but basically its exporting/importing keys in a new keystore)


Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Clarification

jithu jayapal, June 09, 2023 - 4:44 am UTC

Hi Team

We have Configured change data capture and our main intention is to properly understand till how long the old masterkey will be used to sync the CDC once the masterkey has changed.

I tried looking into various documentations and its not mentioned anywhere clearly

Thanks
Jithu
Connor McDonald
June 12, 2023 - 4:29 am UTC

Are you referring to Goldengate or something else?

Some more details would be appreciated.

More to Explore

Administration

Need more information on Administration? Check out the Administrators guide for the Oracle Database