In the previous initial post we understood how to implement the TDE at the column level, the below procedure explains how to rollback the TDE columns from the database.
=============================================================
List out all the encrypted columns in the database and decrypt them using below kind of statements.
............................................
............................................
column table_name format a30;
column column_name format a30;
column encryption_alg format a25;
select owner,table_name
, column_name
, encryption_alg
from dba_encrypted_columns order by owner;
ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY Password;
4. Remove the Wallet location from sqlnet.ora (IFILE if its EBS).
================================================================
Note:- Hidden Parameter to skip old lost master encryption keys in oracle TDE
ALTER SYSTEM SET "_db_discard_lost_masterkey"= TRUE ;
=================================================================================
=============================================================
Rollback Plan:-
=============================================================List out all the encrypted columns in the database and decrypt them using below kind of statements.
1. Data Decrypt:-
ALTER TABLE HR.PER_PAY_PROPOSALS MODIFY (PROPOSED_SALARY_N DECRYPT);............................................
............................................
2. Make sure No encrypted columns exist:-
col owner format a5column table_name format a30;
column column_name format a30;
column encryption_alg format a25;
select owner,table_name
, column_name
, encryption_alg
from dba_encrypted_columns order by owner;
3. Close the Password-based keystore:-
ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY Password;
4. Remove the Wallet location from sqlnet.ora (IFILE if its EBS).
================================================================
Note:- Hidden Parameter to skip old lost master encryption keys in oracle TDE
ALTER SYSTEM SET "_db_discard_lost_masterkey"=
=================================================================================
No comments:
Post a Comment