Convert password-protected software keystore to auto-login

This section describes how to do the following:

• convert the keystore to AutoLogin

• take a backup of the keystore

Set the keystore to automatic login without having to open the keystore manually. The keystore must be open before the TDE master encryption keys can be accessed.

To set the keystore to auto-login:

1. On CDB level, convert the keystore to auto_login.

administer key management create auto_login keystore from keystore identified by SuperSecretPass;

select * from v$ENCRYPTION_WALLET;

This creates the cwallet.sso file located in /u01/app/oracle/admin/ora19c/encryption_wallet/tde.

2. Open the PDBs if not opened.

show pdbs

alter pluggable database all open;

3. Once all the above changes are done, take a full backup of the keystore.

administer key management backup keystore using 'Walletfullbackup' force keystore identified by SuperSecretPass;

4. Verify that the backup was completed.

select * from v$ENCRYPTION_WALLET;

• The column FULLY_BACKED_UP will be YES.

• The file walletfullbackup.p12 should appear in /u01/app/oracle/admin/ora19c/encryption_wallet/tde.