News

  1. Home
  2. All posts
All posts, Oracle by Team Ajara

Step by step TDE Backout or rollback plan

Step by Step Transparent Data Encryption Backout or rollback plan

  • To disable enryption of  TDE on tablespaces
  • To decrypt the TDE on tablespaces

 

Step 1) set the environment

. oraenv
ORCLP

Step 2)connect to databse

sqlplus “/as sysdba”

Step 3) Decrypt the tablespaces : Prepare below .sql script

vi /home/oracle/ts_decryption.sql
spool /u00/app/oracle/tsdecryption_ts.sql
set time on timing on
set pages 90
select tablespace_name,encrypted,status from dba_Tablespaces;
alter tablespace  users encryption online decrypt;
select tablespace_name,encrypted,status from dba_Tablespaces;
spool off;
Note : put all the tablespaces in the script with below format
alter tablespace  <tbs> encryption online decrypt;

Step 4) Prepare the shell script to run in the back ground.

call the SQL script in the shell script as below.
vi /home/oracle/ts_dencryption.sh
export ORACLE_SID=ORCLP
export ORACLE_HOME=/u01/app/oracle/product/19.0.0.0/dbhome_2
for ORACLE_SID in uszqa
do
if
     [ `uname -s` = HP-UX ]   ;
         then echo  “This is HP-UX”
                 ORACLE_HOME=`cat /etc/oratab |grep $ORACLE_SID |awk -F: ‘{print $2}’`
                               elif [ `uname -s` = SunOS ] ;
                                       then echo “This is Sun”
                                                   ORACLE_HOME=`cat /var/opt/oracle/oratab |grep $ORACLE_SID |awk -F: ‘{print $2}’`
                                                    fi
                                                        ORAENV_ASK=NO
                                                                ORACLE_SID=$ORACLE_SID
                                                                      export $ORACLE_SID
                                                                                . oraenv
 ${ORACLE_HOME}/bin/sqlplus -s “/ as sysdba” </home/oracle/ts_decryption.sql >>/home/oracle/ORCLP_ts_decryption_`date +”%m_%d_%Y_%H_%M”`.txt
                                                                                 done

Step 5 ) run the shell script :

$ nohup sh /home/oracle/ts_dencryption.sh > /home/oracle/ts_dencryption_`date +”%m_%d_%Y_%H_%M”`.log &
Verify the log : /home/oracle/ORCLP_ts_decryption_`date +”%m_%d_%Y_%H_%M”`.txt

Step 6) Verify the Tablespace status

select tablespace_name,encrypted,status from dba_Tablespaces;

Step 7) Remove the wallet_root directory

step by step TDE Backout or rollback plan
SQL > sho parameter wallet_root

rm -rf <wallet root dir path>

Step 8) reset the parameter tde_configuration value to null

 

See Also: