<<Back to Oracle DB Security Main Page
Changing the Software Keystore (TDE Wallet) Password
Changing the Password of a Software Keystore is fully online. You can change the Software Keystore password (rotate) at any time. To change the password you must specify the WITH BACKUP clause, which backup the current keystore.Syntax:
ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD [FORCE KEYSTORE] IDENTIFIED BY
old_password SET new_password [WITH BACKUP [USING 'backup_identifier']];
SQL> ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD FORCE KEYSTORE IDENTIFIED BY xxxx set xxxx with backup using 'Key_bkp';
keystore altered.
NOTE1: If AUTO LOGIN wallet is open you must either specify the FORCE KEYSTORE to temporarily open the keystore to change the password
OR
follow these steps
close the auto login wallet
SQL> ADMINISTER KEY MANAGEMENT set keystore close;
keystore altered.
open the password wallet
SQL> ADMINISTER KEY MANAGEMENT set keystore open identified by xxxx;
keystore altered.
change the password
SQL> ADMINISTER KEY MANAGEMENT ALTER KEYSTORE PASSWORD IDENTIFIED BY xxxx set xxxx with backup using 'Key_bkp';
keystore altered.
close the password wallet
SQL> ADMINISTER KEY MANAGEMENT set keystore close identified by xxxx;
keystore altered.
NOTE2: FORCE KEYSTORE clause of ADMINISTER KEY MANAGEMENT available from 12.2 if you are still at 12.1 you must apply the patch for BUG 22826718 (Doc ID 1944507.1) to use FORCE KEYSTORE option
Comments
Post a Comment