This release introduces the ability to create a user-defined master encryption key, also known as "bring your own key." To create the user-defined key, you supply your own master key identification value when you create the master encryption key by using the ADMINISTER KEY MANAGEMENT SET [ENCRYPTION] KEY or ADMINISTER KEY MANAGEMENT CREATE [ENCRYPTION] KEY statements. This enhancement applies to master encryption keys that are used in software keystores only, not hardware keystores. It can be used in non-multitenant, standalone environments and in multitenant environments.
Business Benefit: The primary benefit of this feature is that it enables you to generate keys outside Oracle Database, in your own trusted environment, and then use those keys as the master encryption keys for Oracle Advanced Security TDE. For example, in cloud deployments, you can create these keys in a trusted environment that you control instead of relying on a cloud provider. If you insert a key that you trust for encryption but later decide that you must replace it, then you can insert another key without the intervention of the cloud provider. To complement this feature, you can also configure the automatic removal of inactive master encryption keys from an Oracle Data Guard standby database.
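
The following added example (not Oracle's code) shows one way to prepare bring-your-own-key material in a trusted environment and render the SET KEY statement for it. The 'mkid:mk' hex format, the byte lengths, and the USING ALGORITHM and WITH BACKUP clauses are taken from Oracle's TDE statement syntax rather than from this page; the function names are hypothetical.

```python
import re
import secrets

# Byte lengths as given in Oracle's TDE documentation (assumption: not on this page).
MKID_BYTES = 16
MK_BYTES = {"AES256": 32, "ARIA256": 32, "GOST256": 32, "SEED128": 16}

def generate_key_spec(algorithm="AES256"):
    """Create 'mkid:mk' hex material from the OS CSPRNG, outside the database."""
    mkid = secrets.token_hex(MKID_BYTES)
    mk = secrets.token_hex(MK_BYTES[algorithm])
    return f"{mkid}:{mk}".upper()

def validate_key_spec(spec, algorithm="AES256"):
    """Return the normalized spec, or raise ValueError if it is malformed or weak."""
    if algorithm not in MK_BYTES:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    parts = spec.strip().upper().split(":")
    if len(parts) != 2:
        raise ValueError("expected exactly one ':' separating mkid and mk")
    for name, value, nbytes in (("mkid", parts[0], MKID_BYTES),
                                ("mk", parts[1], MK_BYTES[algorithm])):
        if not re.fullmatch(r"[0-9A-F]{%d}" % (2 * nbytes), value):
            raise ValueError(f"{name} must be {nbytes} bytes of hex")
    # Reject obviously non-random keys such as all zeros or a repeated pattern.
    if len(set(bytes.fromhex(parts[1]))) < 8:
        raise ValueError("mk has too few distinct bytes to be random key material")
    return ":".join(parts)

def build_statement(spec, algorithm="AES256"):
    """Render the SET KEY statement; the keystore password stays a placeholder."""
    spec = validate_key_spec(spec, algorithm)
    return (f"ADMINISTER KEY MANAGEMENT SET ENCRYPTION KEY '{spec}' "
            f"USING ALGORITHM '{algorithm}' "
            "IDENTIFIED BY <keystore_password> WITH BACKUP;")

if __name__ == "__main__":
    # The output contains the key itself: keep it out of shell history and logs.
    print(build_statement(generate_key_spec()))
```
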