B Tablespace Encryption for Oracle Key Vault
Tablespace Encryption for Oracle Key Vault Upgraded from 12.2.0.3.0 or Before
You can refer to this topic for the tablespace encryption for Oracle Key Vault upgraded from 12.2.0.3.0 or before.
Fresh installations of Oracle Key Vault 12.2.0.4.0 and higher encrypt the tablespaces using AES256 encryption.
If your Oracle Key Vault installation was upgraded from a fresh installation of a version prior to 12.2.0.4.0, the Oracle Key Vault tablespace continues to use AES128 encryption and the auditing tablespace remains unencrypted.
Use the following steps to encrypt, using AES256, the tablespaces of an Oracle Key Vault that was upgraded from a fresh installation of a version prior to 12.2.0.4.0.
Note:
For a multi-master cluster deployment, you need to run the steps below on every node. For a primary-standby deployment, you need to run the steps on the primary node only. The standby conversion takes place automatically.

- Perform a full backup of Oracle Key Vault to a remote destination. Ensure that the backup is successful.
- Log in to the Oracle Key Vault server through SSH as user support, then switch user (su) to root.

      ssh support@okv_server_IP_address
      su - root

- Switch user to the oracle user.

      su - oracle

- Use sqlplus to connect to the database as the SYSDBA user.

      sqlplus / as SYSDBA

- Run the query to verify that the tablespace KEYVAULT_SPACE is encrypted using AES128 and the tablespace KEYVAULT_AUDIT_TBS is not encrypted.

      SQL> select a.name, b.encryptionalg, b.status from v$tablespace a, v$encrypted_tablespaces b where a.ts# = b.ts#;

      NAME                           ENCRYPT STATUS
      ------------------------------ ------- ----------
      AVSPACE                        AES256  NORMAL
      KEYVAULT_SPACE                 AES128  NORMAL

- Ensure that the auxiliary space (tablespace SYSAUX) is at least the same size as the largest data file of the tablespace being converted.
  This size requirement is because Oracle Database performs the conversion one file at a time. For example, if the largest data file of the tablespace is 32 GB, then ensure that you have 32 GB of auxiliary space.
  To find the space a data file uses, run the query below.

      select a.name, a.bytes, a.blocks, a.block_size, a.create_bytes, b.name from v$datafile a, v$tablespace b where a.TS# = b.TS#
      SQL> /

      NAME
      --------------------------------------------------------------------------------
           BYTES     BLOCKS BLOCK_SIZE CREATE_BYTES NAME
      ---------- ---------- ---------- ------------ ------------------------------
      /var/lib/oracle/oradata/dbfwdb/system01.dbf
      1614807040     197120       8192            0 SYSTEM

      /var/lib/oracle/oradata/dbfwdb/keyvault_tbs
        33554432       4096       8192     33554432 KEYVAULT_SPACE

      /var/lib/oracle/oradata/dbfwdb/sysaux01.dbf
      2715811840     331520       8192            0 SYSAUX

      /var/lib/oracle/oradata/dbfwdb/undotbs01.dbf
      2202009600     268800       8192            0 UNDOTBS1

      /var/lib/oracle/oradata/DBFWDB/datafile/o1_mf_avspace_ln88t6vp_.dbf
       209715200      25600       8192    104857600 AVSPACE

      /var/lib/oracle/oradata/dbfwdb/users01.dbf
         5242880        640       8192            0 USERS

      /var/lib/oracle/oradata/dbfwdb/keyvault_audit_tbs
        33554432       4096       8192     33554432 KEYVAULT_AUDIT_TBS

  Ensure that the size of tablespace SYSAUX is larger than the size of tablespaces KEYVAULT_SPACE and KEYVAULT_AUDIT_TBS.

- Re-encrypt the online tablespace KEYVAULT_SPACE using AES256.

      SQL> ALTER TABLESPACE KEYVAULT_SPACE ENCRYPTION ONLINE USING 'AES256' REKEY;

      Tablespace altered.

- Encrypt the online tablespace KEYVAULT_AUDIT_TBS using AES256.

      SQL> ALTER TABLESPACE KEYVAULT_AUDIT_TBS ENCRYPTION ONLINE USING 'AES256' ENCRYPT;

      Tablespace altered.

- Verify that Oracle Key Vault tablespaces are now encrypted using AES256.

      SQL> select a.name, b.encryptionalg, b.status from v$tablespace a, v$encrypted_tablespaces b where a.ts# = b.ts#;

      NAME                           ENCRYPT STATUS
      ------------------------------ ------- ----------
      AVSPACE                        AES256  NORMAL
      KEYVAULT_SPACE                 AES256  NORMAL
      KEYVAULT_AUDIT_TBS             AES256  NORMAL
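
The following is an added example, not part of the Oracle documentation or any Oracle tool: a shell function that reads the output of the verification query above and reports which of the two tablespaces still needs conversion. Because the query joins against v$encrypted_tablespaces, an unencrypted tablespace has no row at all, so the check treats a missing row as not encrypted. The function name, the verdict labels and the sample layouts are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Names and verdict labels are assumptions.
OKV_TABLESPACES="KEYVAULT_SPACE KEYVAULT_AUDIT_TBS"   # tablespace names from the page

# Reads verification-query output on stdin and prints "<tablespace> <verdict>"
# for each tablespace. Returns 0 only when all are AES256 with status NORMAL.
check_okv_tablespaces() {
    awk -v want="$OKV_TABLESPACES" '
        # Data rows have three fields; skip the column header and the rule.
        NF == 3 && $1 !~ /^(NAME|-+)$/ { alg[$1] = $2; st[$1] = $3 }
        END {
            n = split(want, ts, " "); bad = 0
            for (i = 1; i <= n; i++) {
                t = ts[i]
                if (!(t in alg))             v = "NOT_ENCRYPTED"  # no row: run ENCRYPT
                else if (st[t] != "NORMAL")  v = "IN_PROGRESS"    # conversion not finished
                else if (alg[t] != "AES256") v = "NEEDS_REKEY"    # e.g. AES128: run REKEY
                else                         v = "OK"
                if (v != "OK") bad = 1
                print t, v
            }
            exit bad
        }'
}

# Constructed sample inputs, laid out like the query output in the steps above.
sample_before() {
    cat <<'EOF'
NAME                           ENCRYPT STATUS
------------------------------ ------- ----------
AVSPACE                        AES256  NORMAL
KEYVAULT_SPACE                 AES128  NORMAL
EOF
}

sample_after() {
    cat <<'EOF'
NAME                           ENCRYPT STATUS
------------------------------ ------- ----------
AVSPACE                        AES256  NORMAL
KEYVAULT_SPACE                 AES256  NORMAL
KEYVAULT_AUDIT_TBS             AES256  NORMAL
EOF
}

echo "Before conversion:"; sample_before | check_okv_tablespaces || echo "-> conversion required"
echo "After conversion:";  sample_after  | check_okv_tablespaces && echo "-> all tablespaces AES256"
```

On the server, pipe the spooled output of the verification query into the function instead of the constructed samples.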