Index

Symbols A C D E G H I J K L M N O P R S T U V X

Symbols

, when to use 7.1.3.4

A

actual data 15.2
ad hoc tools
- Oracle Data Redaction 14.4.2
ADMINISTER KEY MANAGEMENT
- isolated mode operations 4.2
- isolated mode operations not allowed 4.3
- united mode operations allowed in 3.2
- united mode operations not allowed 3.3
administrative access to policies, restricting 19.2
aggregate functions
- affect on Data Redaction policy optimization 18.6
ALTER SYSTEM statement
- how compares with ADMINISTER KEY MANAGEMENT statement 10.5
APEX_UTIL.GET_NUMERIC_SESSION_STATE function
- Oracle Data Redaction policies (NV public function) 16.5.6
APEX_UTIL.GET_SESSION_STATE function
- Oracle Data Redaction policies (V public function) 16.5.6
applications
- database applications and Oracle Data Redaction 14.4.1
- modifying to use Transparent Data Encryption 10.4
auto login keystores
- and Transparent Data Encryption (TDE) 7.2.3.4
Automatic Storage Management (ASM)
- keystore location configuration 7.1.12.1
- keystore pointing to ASM location 7.1.12.2
- moving software keystores from 7.1.9
- non-OMF-compliant system pointing to ASM location 7.1.12.3

C

CDBs
- cloning PDBs with encrypted data 8.2.3.2
- cloning PDBs with encrypted data in isolated mode 9.2.3
- cloning PDBs wth encrypted data, about 8.2.3.1
- Data Redaction masking policies 14.5
- moving PDB from one CDB to another 9.2.1
- moving PDB from one CDB to another in united mode 8.2.1
- PDBs with encrypted data 8.2.2
- preserving keystore passwords in PDB move operations 9.2.1
- preserving keystore passwords in PDB move operations in united mode 8.2.1
- relocating PDBs with encrypted data across CDBs in united mode 8.2.3.4
- remotely cloning PDBs with encrypted data in isolated mode 9.2.4, 9.2.5
- remotely cloning PDBs with encrypted data in united mode 8.2.3.3
change data capture, synchronous 5.3
closing external keystores 8.1.3.1
closing software keystores 8.1.3.1
column encryption
- about 2.4.2
- changing algorithm 5.9
- changing encryption key 5.9
- creating encrypted table column with default algorithm 5.4.2
- creating encrypted table column with non-default algorithm 5.4.3
- creating index on encrypted column 5.6
- data loads from external file 10.6
- data types to encrypt 5.2
- existing tables
  - about 5.5.1
  - adding encrypted column to 5.5.2
  - disabling encryption 5.5.4
  - encrypting unencrypted column 5.5.3
- external tables 5.4.7
- incompatibilities 13.1
- limitations 13.1
- performance, optimum 13.2
- salt 5.7
- security considerations 10.2.2
- skipping integrity check 5.4.4
column sensitive type discovery
- enabling when creating a Data Redaction policy 17.5.2
compliance
- Transparent Data Encryption 2.2
compression of Transparent Data Encryption data 10.1
configuring software keystores
- creating local auto-login keystore 3.5.2.3
control files
- lost 4.4.1

D

data at rest 2.1
database close operations
- keystores 10.7
database links
- with Oracle Data Redaction policies 18.5
database roles
- Data Redaction policies 16.5.4
databases
- about encrypting 6.1
- encrypting existing 6.10.1
- encrypting offline 6.10.2
- encrypting online 6.10.3
data deduplication of Transparent Data Encryption data 10.1
data redaction
- See: Oracle Data Redaction
Data Redaction supported functions 16.5.1
data storage
- Transparent Data Encryption 10.3.2
DDL statements
- Oracle Data Redaction policies 18.2
decryption
- tablespaces, offline 6.8.1, 6.8.3
- tablespaces, online 6.9.1
DISTINCT clause, Data Redaction policies 18.1
DML statements
- Oracle Data Redaction policies 18.2

E

editing custom formats 17.4.3
editing policies 17.5.3
Editions
- Transparent Data Encryption 11.6
ENCRYPT_NEW_TABLESPACES database initialization parameter 6.6.2
encrypted columns
- data loads from external files 10.6
encrypting data
- in isolated mode 4.5.5, 4.6.6
- in united mode 3.5.5
encryption 2.4.2
- See also: Transparent Data Encryption (TDE)
- algorithm, setting default 6.5
- cloning PDBs with encrypted data 8.2.3.2
- cloning PDBs with encrypted data in isolated mode 9.2.3
- databases offline 6.10.2
- databases online 6.10.3
- encrypting future tablespaces 6.6.2
  - about 6.6.1
- existing databases 6.10.1
- procedure 6.6.2
- relocating PDBs with encrypted data across CDBs in united mode 8.2.3.4
- remotely cloning PDBs with encrypted data in isolated mode 9.2.4, 9.2.5
- remotely cloning PDBs with encrypted data in united mode 8.2.3.3
- supported encryption algorithms 6.9.1
- tablespaces, offline 6.8.1
- tablespaces, online 6.9.1
encryption algorithms, supported 6.9.1
encryption keys
- setting in isolated mode 4.5.4
- setting in united mode 3.5.4.2
Errors:
- ORA-46694 9.1.15
EXEMPT REDACTION POLICY privilege
- using with Database Vault 19.2
expressions 16.5.1
- LENGTH functions, character string 16.5.2.3
- namespace functions 16.5.2.1
- Oracle Application Express 16.5.2.4
- Oracle Label Security functions 16.5.2.5
- SUBSTR function 16.5.2.2
EXTERNAL_STORE clause 7.1.3.4
external credential store, external keystores 7.1.3.1
external credential store, external keystores, sqlnet.ora 7.1.3.3
external credential store, external keystores, WALLET_ROOT 7.1.3.2
external credential store, password-based software keystores 7.1.3.1
external credential store, password-based software keystores, sqlnet.ora 7.1.3.3
external credential store, password-based software keystores, WALLET_ROOT 7.1.3.2
external files
- loading data to tables with encrypted columns 10.6
external keystores 3.6.1
- about 2.4.4.3
- backing up 7.1.6
- changing password in isolated mode 9.1.1.2
- changing password in united mode 8.1.1.2
- closing 8.1.3.1
- closing in isolated mode 9.1.4.2
- closing in united mode 8.1.3.3
- heartbeat batch size 3.6.6.2
- opening, about 3.6.5.1
- opening in isolated mode 4.6.4
- opening in united mode 3.6.5.2
- plugging PDBs 8.2.2.4
- unplugging PDBs 8.2.2.3
- using external keystore 7.1.3.1
- using external keystore, sqlnet.ora 7.1.3.3
- using external keystore, WALLET_ROOT 7.1.3.2
external store for passwords
- open and close operations in CDB 8.2.4, 9.2.6
external tables, encrypting columns in
- ORACLE_DATPUMP 10.6
- ORACLE_LOADER 10.6

G

GROUP BY clause, Data Redaction policies 18.1
guidelines
- materialized views and Data Redaction 19.5
- recycle bin and Data Redaction 19.7
- SYS_CONTEXT values and Data Redaction 19.4
guidelines, general usage
- redacted columns and DISTINCT clause 18.1
- redacted columns and GROUP BY clause 18.1
- redacted columns and ORDER BY clause 18.1
guidelines, security
- ad hoc query attacks and Data Redaction 19.1
- application context value handling by Data Redaction policies 19.1
- day-to-day operations and Data Redaction 19.1
- DDL statements and Data Redaction policies 19.1
- exhaustive SQL queries and inference and Data Redaction 19.1

H

hardware security modules
- backing up external keystores 7.1.6
- plugging PDBs 9.2.2.4
- unplugging PDBs 9.2.2.3
HEARTBEAT_BATCH_SIZE initialization parameter 3.6.6.2

I

import/export utilities, original 5.3
indexes
- creating on encrypted column 5.6
index range scans 2.4.3
inference, used to find data by repeatedly using a query 19.1
inline views
- Data Redaction policies order of redaction 18.3
- Data Redaction redaction 18.3
intruders
- ad hoc query attacks 19.1
isolated mode 4.2, 4.3
- about 4.1
- about configuring wallet location and keystore type 4.4.1
- ADMINISTER KEY MANAGEMENT operations allowed in 4.2
- ADMINISTER KEY MANAGEMENT operations not allowed in 4.3
- backing up software keystores 9.1.2
- changing PDB keystore from CDB root 4.4.3
- configuring external keystores, about 4.6.1
- configuring HSM 4.6.3
- configuring keystore location and keystore type 4.4.2
- configuring software keystores, about 4.5.1
- creating software keystore 4.5.2
- creating TDE master encryption key for later use 9.1.6
- encrypting data 4.5.5, 4.6.6
- encryption key, setting 4.5.4
- exporting, importing TDE master encryption keys 9.2.7.1
- exporting or importing master encryption keys 9.2.7.2
- external keystores, closing 9.1.4.2
- external keystores, opening 4.6.4
- lost control file 4.4.4
- master encryption keys
  - moving key from PDB to CDB root 9.1.15
- master encryption keys, migrating 4.6.5.2
- migrating from HSM to password software keystore 9.1.14.2
- migrating from password software keystore to HSM 9.1.14.1
- moving encryption key into new keystore 9.1.9
- moving PDB from one CDB to another 9.2.1
- Oracle RAC 4.4.5
- password change for external keystores 9.1.1.2
- password change for software keystores 9.1.1.1
- plugging PDBs with encrypted data into CDB 9.2.2.2
- plugging PDB with master encryption keys stored in external keystore 9.2.2.4
- secrets in a keystore, Oracle Database 9.1.12.1
- secrets stored in external keystores 9.1.12.6
- secrets stored in software keystores 9.1.12.2
- setting new encryption key 4.6.5.1
- software keystores, closing 9.1.4.1
- software keystores, opening 4.5.3
- uniting PDB keystore 9.1.15
- unplugging PDBs 9.2.2.3

J

JSON
- Oracle Data Redaction 18.15

K

keystore location
- about setting for isolated mode 4.4.1
- setting for isolated mode 4.4.2
- setting for united mode 3.4.2, 3.4.3
keystores
- about 2.4.4.1
- architecture 2.4.2
- ASM-based 7.1.12.1
- auto login 7.2.3.4
- auto-login, open and close operations in CDBs 8.2.4, 9.2.6
- backing up isolated mode password-protected software keystores
  - procedure 9.1.2
- backing up password-protected software keystores
  - about 7.1.4.1
  - backup identifier rules 7.1.4.2
  - procedure 7.1.4.3
- backing up united mode password-protected software keystores
  - procedure 8.1.2
- closing external keystores 8.1.3.1
- closing in CDBs 8.2.4, 9.2.6
- closing software keystores 8.1.3.1
- creating when PDB is closed 9.1.16.1
- database close operations 10.7
- deleting 7.1.15
- deleting unused 8.1.11.2
- deleting unused, about 8.1.11.1
- deleting unused in isolated mode 9.1.9
- external 3.6.1
- external, opening in isolated mode 4.6.4
- hardware, changing password in isolated mode 9.1.1.2
- hardware, changing password in united mode 8.1.1.2
- hardware, opening in united mode 3.6.5.2
- merging
  - about 7.1.7.1
  - auto-login into password-protected 7.1.7.4
  - one into another existing keystore 7.1.7.2
  - one into another existing keystore in isolated mode 9.1.3.1
  - reversing merge operation 7.1.7.5
  - two into a third new keystore 7.1.7.3
  - two into a third new keystore in isolated mode 9.1.3.2
- migrating
  - creating master encryption key for external keystore-based encryption 7.1.10.1.3
  - external keystore to software keystore 7.1.10.2.1
  - keystore order after migration 7.1.10.3
  - password key into external keystore 7.1.10.1.2
- migration using Oracle Key Vault 7.1.11
- moving out of ASM 7.1.9
- moving software keystore to a new location 7.1.8
- non-OMF-compliant system pointing to ASM location 7.1.12.3
- opening external 3.6.5
- opening in CDBs 8.2.4, 9.2.6
- Oracle Database secrets
  - about 9.1.12.1
- password access 7.1.1
- password preservation in PDB move operations 9.2.1
- password preservation in PDB move operations in united mode 8.2.1
- pointing to ASM location 7.1.12.2
- reverting keystore creation operation 9.1.16.2
- search order for 2.7
- software, changing password in isolated mode 9.1.1.1
- software, changing password in united mode 8.1.1.1
- software, creating in united mode 3.5.2.2
- software, opening in isolated mode 4.5.3
- software, opening in united mode 3.5.3.2
- TDE master encryption key merge differing from import or export 7.2.4.10
- using auto-login external keystore 7.1.2.1
keystore type
- about setting for isolated mode 4.4.1
- setting for isolated mode 4.4.2
- setting for united mode 3.4.3
- setting for united mode using parameter 3.4.2

L

LENGTH functions, character string
- expressions 16.5.2.3

M

masking
- See: Oracle Data Redaction
materialized views
- Data Redaction guideline 19.5
- Transparent Data Encryption tablespace encryption 11.2.1
migration
- migrating from HSM to password software keystore 9.1.14.2
- migrating from password software keystore to HSM 9.1.14.1
moving encryption key into new keystore
- about 8.1.11.1
multitenant container databases
- See: CDBs

N

namespace functions
- expressions 16.5.2.1
nested functions
- Data Redaction policies order of redaction 18.3
NV public function (APEX_UTIL.GET_NUMERIC_SESSION_STATE function), Data Redaction policies 16.5.6

O

OLS_LABEL_DOMINATES public function
- Data Redaction policies 16.5.5
ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE dynamic system parameter 8.2.1, 9.2.1
opening external keystores 3.6.5, 3.6.5.1
opening software keystores 3.5.3.1
operations allowed in 3.2, 4.2
operations not allowed in 3.3, 4.3
ORA-00979 error
- not a GROUP BY expression error 18.1
ORA-28081
- Insufficient privileges - the command references a redacted object error 18.2
ORA-28365 error
- wallet is not open 6.2
ORA-46680 error 8.2.2.1
ORA-46694 error 9.1.15
ORA-65040 error 9.1.16.1
Oracle Application Express
- filtering using by session state in Data Redaction policies 16.5.6
Oracle Application Expression
- expressions 16.5.2.4
Oracle Call Interface
- Transparent Data Encryption 11.5
Oracle Database Real Application Security
- Data Redaction 18.11
Oracle Database Vault
- using with Data Redaction 19.2
Oracle Data Guard
- TDE and Oracle Key Vault 11.2.2
- TDE master encryption keys, removing from standby database 8.1.12
- Transparent Data Encryption 11.2.1
Oracle Data Pump
- encrypted columns 11.1.2
- encrypted data 11.1.1
- encrypted data with database links 11.1.4
- encrypted data with dump sets 11.1.3
- exported data from Data Redaction policies 18.13.3
- exporting Oracle Data Redaction objects 18.13.2.1
- imported data from Data Redaction policies 18.13.4
- Oracle Data Redaction security policy 18.13.1
Oracle Data Redaction 15.4
- about 14.1
- actual data 15.2
- ad hoc tools 14.4.2
- aggregate functions 18.6
- benefits 14.3
- CDBs 14.5
- columns with XML-generated data 18.8
- creating custom format 17.4.2
- database applications 14.4.1
- DBMS_REDACT.ADD_POLICY procedure
  - using 16.3
- DBMS_REDACT.ALTER_POLICY procedure
  - about 16.14.1
  - example 16.14.4
  - parameters required for various actions 16.14.3
  - syntax 16.14.2
- DBMS_REDACT.DISABLE_POLICY
  - about 16.16.1
  - example 16.16.1
  - syntax 16.16.1
- DBMS_REDACT.DROP_POLICY
  - about 16.17
  - examples 16.17
  - syntax 16.17
- DBMS_REDACT.ENABLE_POLICY
  - about 16.16.2
  - example 16.16.2
  - syntax 16.16.2
- DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES procedure
  - about 16.7.2.1
  - syntax 16.7.2.2
  - using 16.7.2.3
- deleting policies 17.5.6
- editing custom format 17.4.3
- editions 18.9
- Enterprise Manager Cloud Control 17.4.1, 17.4.2, 17.4.3, 17.5.1
- Enterprise Manager Cloud Control, about 17.1
- Enterprise Manager Cloud Control workflow 17.2
- exporting data using Data Pump Export 18.13.3
- exporting objects using Data Pump 18.13.2.1
- full data redaction
  - about 15.1
  - creating policy for 16.7.1.1
  - examples 16.7.1.3
  - modifying default value 16.7.2.1
  - syntax 16.7.1.2
- functions used in expressions 16.5.2
- how differs from Oracle Database Real Application Security masking 18.11
- how differs from Oracle Virtual Private Database masking 18.10
- importing data using Data Pump Export 18.13.4
- inline views order of redaction 18.3
- JSON 18.15
- managing policies 17.5.1
- named policy expressions
  - about 15.8
- nested functions order of redaction 18.3
- no data redaction
  - about 15.7, 16.12.1
  - creating policies for 16.12.1
  - example 16.12.2
  - syntax 16.12.1
- Oracle Data Pump security policy 18.13.1
- Oracle Enterprise Manager Data Masking and Subsetting Pack 18.14
- partial data redaction
  - about 15.2
  - character types, policies for 16.9.4.1
  - data-time data types 16.9.6.1
  - example using character data type 16.9.4.2
  - example using data-time data type 16.9.6.2
  - example using fixed character format 16.9.3.2
  - example using number data type 16.9.5.2
  - formats, fixed character 16.9.3.1
  - number data types 16.9.5.1
  - syntax 16.9.2
- policy expressions
  - about 16.6.1
  - creating 16.6.2
  - dropping 16.6.4
  - tutorial 16.6.5
  - updating 16.6.3
- privileges for creating policies 16.2
- queries on columns protected by Data Redaction policies 18.4
- random data redaction
  - about 16.11.1
  - creating policies for 16.11.1
  - example 16.11.2
- randomized data redaction
  - about 15.5
- regular expression data redaction
  - creating policies for 16.10.1
  - custom, creating policies for 16.10.4
  - example 16.10.3.2
  - example of custom 16.10.4.2
  - formats 16.10.3.1
  - formats, creating policies for 16.10.3
  - settings for 16.10.4.1
  - syntax 16.10.2
- regular expression redaction
  - about 15.3
- returning null values
  - about 16.8.1
  - example 16.8.3
  - syntax 16.8.2
- SYS schema objects 19.3
- SYSTEM schema objects 19.3
- use cases 14.4
- when to use 14.2
- WHERE clause redaction 18.3
Oracle Data Redaction, database links 18.5
Oracle Data RedactionEnterprise Manager Cloud Control
- deleting custom format 17.4.5
Oracle Data Redaction formats
- creating in Cloud Control 17.4.2
- deleting in Cloud Control 17.4.5
- editing in Cloud Control 17.4.3
- Enterprise Management Cloud Control, managing in 17.4.1
- Enterprise Manager Cloud Control, sensitive column types 17.3
- Enterprise Manager Cloud Control, viewing in 17.4.4
Oracle Data Redaction partial redaction
- creating policies for 16.9, 16.9.1
Oracle Data Redaction policies 16.5.3
- about 16.1
- altering 16.14.1
- building reports 16.18
- creating
  - examples 16.7.1.4
  - general syntax 16.4
  - procedure 16.3
- creating in Cloud Control 17.5.2
- deleting in Cloud Control 17.5.6
- disabling 16.16.1
- disabling in Cloud Control 17.5.5
- dropping 16.17
- editing in Cloud Control 17.5.3
- enabling 16.16.2
- Enterprise Manager Cloud Control, viewing in 17.5.4
- exempting users from 16.13
- expressions
  - by Application Express session state 16.5.6
  - by database role 16.5.4
  - by OLS label dominance 16.5.5
  - by user environment 16.5.3
- filtering users
  - about 16.5.1
  - no filtering 16.5.7
- finding information about 16.19
- Oracle Enterprise Manager Cloud Control 17.5.6
- redacting multiple columns in one policy 16.15
Oracle Data Redaction policy expressions
- Cloud Control, about 17.6.1
- creating in Cloud Control 17.6.2
- deleting in Cloud Control 17.6.5
- editing in Cloud Control 17.6.3
- viewing in Cloud Control 17.6.4
Oracle Enterprise Manager Cloud Control 17.5.3
- creating custom formats 17.4.2
- creating policy expressions 17.6.2
- deleting policy expressions 17.6.5
- disabling policies 17.5.5
- editing policy expressions 17.6.3
- Oracle Data Redaction 17.4.2, 17.4.3, 17.5.5, 17.6.1, 17.6.2, 17.6.3, 17.6.4, 17.6.5
- Oracle Data Redaction, creating policies 17.5.2
- Oracle Data Redaction, viewing details of a policy 17.5.4
- Oracle Data Redaction formats, viewing in 17.4.4
- policy expressions, about 17.6.1
- viewing policy expressions 17.6.4
Oracle Enterprise Manager Data Masking and Subsetting Pack
- Oracle Data Redaction impact 18.14
Oracle GoldenGate
- storing secrets in Oracle keystores 9.1.13.1
Oracle Key Vault
- migration of keystores 7.1.11
Oracle Label Security
- functions using Data Redaction expressions 16.5.2.5
Oracle-managed tablespaces 6.1
Oracle Real Application Clusters
- Oracle Key Vault and TDE in multitenant configuration 11.3.2
- Transparent Data Encryption 11.3.1
Oracle Recovery Manager
- Transparent Data Encryption 7.1.14
Oracle Securefiles
- Transparent Data Encryption 11.4, 11.4.1
Oracle Virtual Private Database (VPD)
- Data Redaction 18.10
orapki utility
- how compares with ADMINISTER KEY MANAGEMENT statement 10.5
ORDER BY clause, Data Redaction policies 18.1
original import/export utilities 5.3

P

passwords
- access to for ADMINISTER KEY MANAGEMENT operations 7.1.1
- preserving in PDB move operations 9.2.1
- preserving in PDB move operations in united mode 8.2.1
PDBs
- Data Redaction policies 14.5
- finding TDE keystore status for all PDBs 8.2.5
- master encryption keys
  - exporting 9.2.7.1
  - importing 9.2.7.1
- unplugging with encrypted data 8.2.2.1
performance
- Transparent Data Encryption 10.3.1
PKCS#11 library, switching over to updated library
- about 7.1.13.1
- procedure for 7.1.13.2
pluggable databases
- See: PDBs
policy expressions, Oracle Data Redaction 16.6.1

R

recycle bin
- Data Redaction policies and 19.7
REDACTION_COLUMNS data dictionary view
- invalid views 19.6
rekeying
- master encryption key 7.2.3.4
- TDE master encryption key in isolated mode 9.1.8
- TDE master encryption key in united mode 8.1.8
reports
- based Data Redaction policies 16.18
returning null values
- about 15.4

S

salt
- removing 5.8
salt (TDE)
- adding 5.7
secrets
- storing Oracle Database secrets in keystore
  - about 9.1.12.1
SecureFiles
- Transparent Data Encryption 11.4, 11.4.1
sensitive credential data 6.7
software keystores
- about 2.4.4.3
- changing password in isolated mode 9.1.1.1
- changing password in united mode 8.1.1.1
- closing in isolated mode 9.1.4.1
- closing in united mode 8.1.3.2
- creating in united mode 3.5.2.2
- opening, about 3.5.3.1
- opening in isolated mode 4.5.3
- opening in united mode 3.5.3.2
- password-based using external keystore 7.1.3.1
- password-based using external keystore, sqlnet.ora 7.1.3.3
- password-based using external keystore, WALLET_ROOT 7.1.3.2
SUBSTR function
- expressions 16.5.2.2
synchronous change data capture 5.3
SYS_CONTEXT function
- Data Redaction policies 19.4
- SYS_SESSION_ROLES namespace used in Data Redaction 16.5.4
SYS_SESSION_ROLES SYS_CONTEXT namespace
- Data Redaction 16.5.4
SYSTEM user
- Data Redaction policies 19.3
SYS user
- Data Redaction policies 19.3

T

TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM dynamic parameter 6.5
tablespace encryption
- about 2.4.3
- architecture 2.4.3
- creating encrypted tablespaces 6.4.3.2
- examples 6.4.3.3
- incompatibilities 13.1
- opening keystore 6.4.1.2
- performance, optimum 13.2
- performance overhead 10.3.1
- procedure 6.4.1.1
- restrictions 6.3
- security considerations for plaintext fragments 10.2.3
- setting tablespace key 6.4.2
- storage overhead 10.3.2
tablespace master encryption key
- setting 6.4.2
tablespaces
- about encrypting 6.1
- comparison between offline and online conversions 6.1
- Oracle managed, closed TDE keystore impact on encrypted 6.2
- rekeying encryption algorithm 7.2.3.5
- tablespaces
  - encrypting 7.2.3.5
tablespaces, offline decryption
- procedure 6.8.3
tablespaces, offline encryption
- about 6.8.1
- procedure 6.8.2
tablespaces, online encryption
- about 6.9.1
- decrypting 6.9.4
- finishing interrupted job 6.9.5
- procedure 6.9.2
- rekeying 6.9.3
TDE
- See: Transparent Data Encryption (TDE)
TDE column encryption
- restrictions 5.3
TDE master encryption key 3.4.1
- creating for later use in isolated mode 9.1.6
- creating for later use in united mode 8.1.4.2
TDE master encryption keys
- activating
  - about 8.1.6.1
  - example 8.1.6.3
- activating in isolated mode 9.1.7
- activating in united mode 8.1.6.2
- architecture 2.4.2
- attributes 7.2.1.1
- creating for later use
  - about 8.1.4.1
- custom attribute tags
  - about 7.2.2.1
  - creating 7.2.2.2
  - creating in isolated mode 9.1.10
  - creating in united mode 8.1.10
- disabling not allowed 7.2.3.1
- exporting 7.2.4.2
- exporting in PDBs 9.2.7.1
- finding currently used encryption key in united mode 8.1.9
- finding currently used TDE master encryption key 7.2.1.2
- importing 7.2.4.7
- importing in PDBs 9.2.7.1
- keystore merge differing from import or export 7.2.4.10
- outside the databaase
  - about 8.1.7.1
- outside the database
  - creating in isolated mode 9.1.5
  - creating in united mode 8.1.7.2
- rekeying 7.2.3.4, 8.1.8, 9.1.8
- removing automatically from standby database 8.1.12
- resetting in keystore 7.2.3.3
- setting in keystore 7.2.3.1
Transparent Data Encryption (TDE)
- about 2.1
- about configuration 2.6
- benefits 2.2
- column encryption
  - about 2.4.2, 5.1
  - adding encrypting column to existing table 5.5.2
  - changing algorithm 5.9
  - changing encryption key 5.9
  - creating encrypted column in external table 5.4.7
  - creating index on encrypted column 5.6
  - creating tables with default encryption algorithm 5.4.2
  - creating tables with non-default encryption algorithm 5.4.3
  - data types supported 5.2
  - disabling encryption in existing column 5.5.4
  - encrypting columns in existing tables 5.5.1
  - encrypting existing column 5.5.3
  - encryption and integrity algorithms 2.4.5
  - restrictions 5.3
  - salt in encrypted columns 5.7
- columns with identity columns 5.3
- compatibility with application software 13.1
- compatibility with Oracle Database tools 13.1
- compression of encrypted data 10.1
- configuring external keystores
  - about 3.6.1
  - opening 3.6.5
  - reconfiguring software keystore 3.6.6.4
  - setting master encryption key 3.6.6.1
  - sqlnet.ora configuration 3.6.3, 4.6.2
- configuring external keystores in isolated mode
  - reconfiguring software keystore 4.6.5.2
- configuring software keystores
  - about 3.4.1
  - creating auto-login keystore 3.5.2.3
  - setting software TDE master encryption key 3.5.4
- data deduplication of encrypted data 10.1
- editions 11.6
- encryption and integrity algorithms 2.4.5
- finding information about 7.3
- frequently asked questions 13
- incompatibilities 13.1
- keystore management
  - ASM-based keystore 7.1.12.1
  - backing up password-protected software keystores 7.1.4.1
  - closing external keystores 8.1.3.1
  - closing software keystore 8.1.3.1
  - merging keystores, about 7.1.7.1
  - merging keystores, auto-login into password-protected 7.1.7.4
  - merging keystores, one into an existing 7.1.7.2
  - merging keystores, one into an existing in isolated mode 9.1.3.1
  - merging keystores, reversing merge operation 7.1.7.5
  - merging keystores, two into a third new keystore 7.1.7.3
  - merging keystores, two into a third new keystore in isolated mode 9.1.3.2
  - migrating password key and external keystore 7.1.10.1.2
  - migrating password key and external keystore, master encryption key creation 7.1.10.1.3
  - migrating password key and external keystore, reverse migration 7.1.10.2.1
  - TDE master encryption key attributes 7.2.1.1
- keystore pointing to ASM location 7.1.12.2
- keystores
  - about 2.4.4.1
  - benefits 2.4.4.2
  - types 2.4.4.3
- keystore search order 2.7
- master encryption key
  - rekeying 7.2.3.4
  - rekeying in united mode 8.1.8
- master encryption key attributes
  - creating custom tags 7.2.2.2
- master encryption keys
  - setting in keystore, about 7.2.3.1
  - setting in keystore procedure 7.2.3.1
- modifying applications for use with 10.4
- multidatabase environments 11.7
- multitenant environment 2.5
- non-OMF-compliant system pointing to ASM location 7.1.12.3
- Oracle Call Interface 11.5
- Oracle Data Guard 11.2.1, 11.2.2
- Oracle Data Pump
  - export and import operations on dump sets 11.1.3
  - export and import operations on encrypted columns 11.1.2
  - export operations on database links 11.1.4
- Oracle Data Pump export and import operations
  - about 11.1.1
- Oracle Real Application Clusters
  - about 11.3.1
  - Oracle Key Vault in multitenant configuration 11.3.2
- Oracle Recovery Manager 7.1.14
  - keystores 7.1.14
- PDBs
  - finding keystore status for all PDBs 8.2.5
- performance
  - database workloads 13.2
  - decrypting entire data set 13.2
  - optimum 13.2
  - worst case scenario 13.2
- performance overheads
  - about 10.3.1
  - typical 13.2
- privileges required 2.3
- SecureFiles 11.4, 11.4.1
- security considerations
  - column encryption 10.2.2
  - general advice 10.2.1
  - platintext fragments 10.2.3
- storage overhead 10.3.2
- storing Oracle GoldenGate secrets 9.1.13.1
- tablespace encryption
  - about 2.4.3, 6
  - creating 6.4.3.1
  - encryption and integrity algorithms 2.4.5
  - examples 6.4.3.3
  - opening keystore 6.4.1.2
  - restrictions 6.3
  - setting master encryption key 6.4.2
- tablespace encryption, setting with COMPATIBLE parameter 6.4.1.1
- TDE master encryption key
  - rekeying in isolated mode 9.1.8
- TDE master encryption key attributes
  - about 7.2.2.1
  - creating custom tags in isolated mode 9.1.10
  - creating custom tags in united mode 8.1.10
- TDE master encryption keys
  - exporting and importing 7.2.4.1
- TDE Master Encryption Keys
  - resetting in keystore 7.2.3.3
- views 7.3
Transparent Data Encryption (TDE)integrity
- column encryption
  - creating tables without integrity checks (NOMAC) 5.4.4
  - improving performance 5.4.4
- NOMAC parameter (TDE) 5.4.4
Transparent Data Encryption (TDE) keystores
- deleting 7.1.15
- features affected if deleted 7.1.16
- moving software keystore to a new location 7.1.8
transportable tablespaces 5.3
tutorials
- named Data Redaction policy expressions 16.6.5

U

united mode 3.2, 3.3
- about 3.1
- about managing cloned PDBs with encrypted data 8.2.3.1
- ADMINISTER KEY MANAGEMENT operations allowed in 3.2
- ADMINISTER KEY MANAGEMENT operations not allowed in 3.3
- backing up software keystores 8.1.2
- cloning PDB with encrypted data 8.2.3.2
- configuring, procedure 3.4.3
- configuring, procedure using parameters 3.4.2
- configuring external keystores, about 3.6.2
- configuring HSM 3.6.4
- configuring software keystores, about 3.5.1
- creating software keystore 4.5.2
- creating TDE master encryption key for later use 8.1.4.2
- encrypting data 3.5.5
- encryption key, setting 3.5.4.2
- external keystores, closing 8.1.3.3
- external keystores, opening 3.6.5.2
- finding keystore status for all PDBs 8.2.5
- heartbeat batch size for external keystores 3.6.6.2
- isolating PDB keystore 8.1.13
- keystore open and close operations 8.2.4
- master encryption keys
  - moving key from CDB root to PDB 8.1.13
- moving TDE master encryption key into new keystore 8.1.11.2
- password change for external keystores 8.1.1.2
- password change for software keystores 8.1.1.1
- relocating PDBs with encrypted data across CDBs in united mode 8.2.3.4
- remotely cloning PDBs with encrypted data 9.2.5
- remotely cloning PDB with encrypted data 8.2.3.3, 9.2.4
- setting external keystore encryption key 3.6.6.3
- software keystores, closing 8.1.3.2
- software keystores, creating in 3.5.2.2
- software keystores, opening 3.5.3.2
utilities, import/export 5.3

V

V$ENCRYPTION_WALLET view
- keystore order after migration 7.1.10.3
views
- Data Redaction 16.19
V public function (APEX_UTIL.GET_SESSION_STATE function), Data Redaction policies 16.5.6

X

XML generation 18.8