{"id":1009,"date":"2025-07-15T19:03:33","date_gmt":"2025-07-15T17:03:33","guid":{"rendered":"https:\/\/anjo.pt\/keyword-oracle\/?p=1009"},"modified":"2025-08-25T13:27:45","modified_gmt":"2025-08-25T11:27:45","slug":"encrypt-the-whole-oracle-database-online-with-tde","status":"publish","type":"post","link":"https:\/\/anjo.pt\/keyword-oracle\/2025\/07\/15\/encrypt-the-whole-oracle-database-online-with-tde\/","title":{"rendered":"Encrypt the whole Oracle database online with TDE"},"content":{"rendered":"\n

Some programs are part of Oracle ISV – Independent Software Vendors – program and include various types of Oracle licenses. This allows to install the application database in various Oracle configurations. At my customer, the software includes Advance Security Option Oracle license. This was the reason we decided, even before moving to the cloud, to encrypt the database.<\/p>\n\n\n\n

Here is a summary on how to perform full online encryption<\/strong> (TDE) of a database. The process is quite simple, but there are known surprises you might want to avoid.<\/p>\n\n\n\n\n\n\n\n

Check space requirements<\/h2>\n\n\n\n

Online encryption is done datafile by datafile. It is necessary to have enough space for copying the biggest datafile of the database. This can be a problem when using bigfile tablespaces.<\/p>\n\n\n

\nSQL>\u00a0select\u00a0con_id,tablespace_name, max(bytes\/1024\/1024\/1024) max_gb \nfrom cdb_data_files \ngroup by con_id,tablespace_name \norder by 3 desc nulls last \nfetch first 10 rows only;\n<\/pre><\/div>\n\n\n
While the encryption happens one datafile at the time, on the RHEL8 installation at my client, the process did not release the file descriptor at the end of each datafile encryption. This meant that space was still being used and filesystem was almost full. At Troubleshooting<\/a> section it is described how to clean up this space during the encryption. <\/p>\n\n\n\n
Configure TDE Wallet<\/h2>\n\n\n\n
Create Wallet and unified master key<\/h3>\n\n\n\n
First, we need to setup a TDE Wallet in the database. Few points to remind:<\/p>\n\n\n\n
    \n
  • This step requires a restart of database!<\/li>\n\n\n\n
  • We will define a new password to be used for keystore. Make sure to save it,<\/li>\n\n\n\n
  • Make sure the files created under the path of WALLET_ROOT<\/code> parameter are part of a filesystem backup. These files are required to open the database!<\/li>\n\n\n\n
  • If there is Dataguard, the parameters below need also to be set on standby and the two generated wallet files copied.<\/li>\n\n\n\n
  • If you plan to clone this database, you need to export and import the keys on the future DB when cloning.<\/li>\n<\/ul>\n\n\n
    \n$\u00a0mkdir\u00a0-p\u00a0\/u00\/app\/oracle\/wallet_root\/tde\n\u00a0\nSQL> alter system\u00a0set\u00a0tablespace_encryption=AUTO_ENABLE;\u00a0 -- available from 19.16\nSQL> alter system\u00a0set\u00a0wallet_root='\/u00\/app\/oracle\/wallet_root'\u00a0scope=spfile;\n\u00a0\n\u00a0\u00a0- plan restart and restart DB -\n\u00a0\nSQL> alter system\u00a0set\u00a0tde_configuration='keystore_configuration=FILE'\u00a0scope=both;\nSQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE IDENTIFIED BY\u00a0"xxxx";\u00a0 \/* Add to Password Safe *\/\n\u00a0\nSQL> !\u00a0ls\u00a0-l\u00a0\/u00\/app\/oracle\/wallet_root\/tde\ntotal 4\n-rw-------. 1 oracle dba 2553 Apr 17 11:55 ewallet.p12\n\u00a0\nSQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY\u00a0"xxx"\u00a0container=all;\nSQL> ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY\u00a0"xxx"\u00a0with backup container=all; \nSQL> col wrl_parameter\u00a0for\u00a0a40\nSQL>\u00a0select\u00a0con_id,WRL_PARAMETER, WRL_TYPE,WALLET_TYPE, status from V$ENCRYPTION_WALLET;\n\u00a0\n\u00a0\u00a0\u00a0\u00a0CON_ID WRL_PARAMETER\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WRL_TYPE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WALLET_TYPE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STATUS\n---------- ---------------------------------------- -------------------- -------------------- ------------------------------\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a01\u00a0\/u00\/app\/oracle\/wallet_root\/tde\/\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0\u00a0FILE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 PASSWORD\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPEN\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a02\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 FILE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 PASSWORD\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPEN\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 FILE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 PASSWORD\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPEN\n<\/pre><\/div>\n\n\n
    Create autologin wallet<\/h3>\n\n\n\n
    This ensures the DB will automatically open the wallet during startup. The WALLET_TYPE <\/code>in the V$ENCRYPTION_WALLET<\/code> will change from PASSWORD <\/code>to AUTOLOGIN<\/code>.<\/p>\n\n\n
    \nSQL> ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE\u00a0'\/u00\/app\/oracle\/wallet_root\/tde\/'\u00a0IDENTIFIED BY\u00a0"xxx";\n\u00a0\nSQL> ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY\u00a0"xxx"\u00a0container=all;\n\u00a0\nSQL> col wrl_parameter\u00a0for\u00a0a40\nSQL>\u00a0select\u00a0con_id,WRL_PARAMETER, WRL_TYPE,WALLET_TYPE, status from V$ENCRYPTION_WALLET;\n\u00a0\n\u00a0\u00a0\u00a0\u00a0CON_ID WRL_PARAMETER\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WRL_TYPE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 WALLET_TYPE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STATUS\n---------- ---------------------------------------- -------------------- -------------------- ------------------------------\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a01\u00a0\/u00\/app\/oracle\/wallet_root\/tde\/\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0\u00a0FILE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 AUTOLOGIN\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPEN\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a02\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 FILE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 AUTOLOGIN\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPEN\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 FILE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 AUTOLOGIN\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPEN\n<\/pre><\/div>\n\n\n
    Encrypt tablespaces<\/h2>\n\n\n\n
    Check if OMF is configured and used<\/strong><\/h3>\n\n\n\n
    It is recommended to enable OMF if not yet done. To enable OMF, the db_create_file_dest<\/code> needs to be set.<\/p>\n\n\n
    \nSQL> show parameter db_create_file_dest\u00a0\nNAME\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 TYPE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 VALUE\n------------------------------------ ----------- ------------------------------\ndb_create_file_dest\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 string\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/u01\/oradata\n<\/pre><\/div>\n\n\n
    Get list of commands to run<\/strong><\/h3>\n\n\n\n
    On each of the PDBs, including CDB$ROOT<\/code>, encrypt the tablespaces. To speed up, you can run different tablespace encryption in parallel sessions. Each session uses about one CPU and some IO.<\/p>\n\n\n
    \nSQL> select\u00a0'\/* PDB: '||con_id_to_con_name(con_id)||' *\/ ALTER TABLESPACE '||tablespace_name||' ENCRYPTION ONLINE ENCRYPT; \/* '||count(*)||' files - '||round(sum(bytes)\/1024\/1024\/1024) ||' GB *\/'\u00a0cmd\nfrom\u00a0cdb_tablespaces\u00a0join\u00a0cdb_data_files using (con_id, tablespace_name)\nwhere\u00a0con_id!=2\u00a0and\u00a0encrypted='NO'\ngroup\u00a0by\u00a0con_id, tablespace_name\norder\u00a0by\u00a0con_id,sum(bytes);\u00a0\nCMD\n------------------------------------------------------------------------------------------------------------------------------------------------------\n\/* PDB: CDB$ROOT *\/\u00a0ALTER\u00a0TABLESPACE USERS ENCRYPTION ONLINE ENCRYPT; \/* 1 - 1 GB *\/\n\/* PDB: CDB$ROOT *\/\u00a0ALTER\u00a0TABLESPACE ABC_ENCRYPT ENCRYPTION ONLINE ENCRYPT; \/* 1 - 5 GB *\/\n...\n<\/pre><\/div>\n\n\n
    Run the output from above command in right container.<\/p>\n\n\n\n
    Follow-up TDE encryption <\/h3>\n\n\n
    \nSELECT to_char(sysdate,'DD-MON-YY HH24:MI:SS')\u00a0time, con_id, tablespace_name,\n    COUNT(*) as\u00a0"#FILES",\u00a0\u00a0\u00a0\u00a0\u00a0SUM(CASE WHEN encrypted =\u00a0'YES'\u00a0THEN 1 ELSE 0 END) as\u00a0"#ENC_FILES",\n\u00a0\u00a0\u00a0\u00a0\u00a0ROUND(SUM(bytes)\/1024\/1024\/1024, 2) as size_gb,\n\u00a0\u00a0\u00a0\u00a0\u00a0TO_CHAR(ROUND( (SUM(CASE WHEN encrypted =\u00a0'YES'\u00a0THEN bytes ELSE 0 END) \/ SUM(bytes)) * 100, 2 ),'90.00')||' %'\u00a0as enc_perc\nFROM\u00a0v$datafile_header\nWHERE con_id != 2\nGROUP BY rollup (con_id, tablespace_name)\nHAVING SUM(CASE WHEN encrypted =\u00a0'YES'\u00a0THEN bytes ELSE 0 END) \/ SUM(bytes) < 1 \/* only not finished *\/\nORDER BY con_id, tablespace_name;\u00a0\n-- \nor via Alertlog: tail\u00a0-100f alert*.log |\u00a0grep\u00a0-B1\u00a0":TDE converting datafile"\n<\/pre><\/div>\n\n\n
    TDE encryption throughput<\/h3>\n\n\n\n
    On a single node VM, the average throughput was 4 GB\/minute – one 32GB datafile in a bit more than 8 minutes.On the standby side was a ExaCC, it took less than 5 minutes per 32GB datafile.<\/p>\n\n\n\n
    Having 4 parallel sessions encrypting the database on primary side did not change the timing per datafile, meaning: it was 4 times faster. On the standby side only one process is doing the encryption.<\/p>\n\n\n\n
    Resume TDE encryption<\/h3>\n\n\n\n
    In case the encryption stops or is killed in the middle, you can continue the encryption operation by calling:<\/p>\n\n\n
    \nSQL> ALTER TABLESPACE <tbs_name> ENCRYPTION ONLINE FINISH ENCRYPT;\n<\/pre><\/div>\n\n\n
    Re-create Temporary tablespaces<\/h3>\n\n\n\n
    In each of the containers, re-create the temporary tablespace (add more tempfiles if needed with ALTER TABLESPACE xxx ADD TEMPFILE;<\/code>):<\/p>\n\n\n
    \nSQL> SELECT\u00a0'\/* PDB: '||con_id_to_con_name(con_id)||' *\/ CREATE TEMPORARY TABLESPACE '\u00a0||tablespace_name||'_ENC; \/* tempfiles to be added: '||count(*)||' *\/'\u00a0cmd \nFROM CDB_TEMP_FILES \ngroup by con_id, tablespace_name;\n<\/pre><\/div>\n\n\n
    In each container – change default temporary tablespace to the new one:<\/p>\n\n\n
    \nSQL> ALTER DATABASE DEFAULT TEMPORARY TABLESPACE <old_name>_enc;\n<\/pre><\/div>\n\n\n
    Drop the old temporary tablespace<\/p>\n\n\n
    \nSQL> DROP TABLESPACE TEMP INCLUDING CONTENTS AND DATAFILES;\n<\/pre><\/div>\n\n\n
    Rename the temporary tablespace back (optional)<\/p>\n\n\n
    \nSQL> ALTER TABLESPACE <old_name>_enc RENAME TO <old_name>;\n<\/pre><\/div>\n\n\n
    Check all tablespaces are encrypted<\/p>\n\n\n
    \nSQL> SELECT CON_ID, CONTENTS, TABLESPACE_NAME, ENCRYPTED \nFROM CDB_TABLESPACES \nORDER BY 1,2,3;\n<\/pre><\/div>\n\n\n
    Dataguard impact of TDE Encryption<\/h2>\n\n\n\n
    When your database has a standby, it is usually better to use the following:<\/p>\n\n\n\n
      \n
    • Stop the apply process and make sure standby is in mount mode<\/li>\n\n\n\n
    • Perform OFFLINE encryption of tablespaces on standby<\/li>\n\n\n\n
    • Resume the apply process<\/li>\n\n\n\n
    • Switchover the database to the standby<\/li>\n\n\n\n
    • Repeat the OFFLINE encryption on the other side<\/li>\n<\/ul>\n\n\n\n
      If doing ONLINE TDE encryption on the primary side, then the encryption is simultaneous done on standby side. <\/p>\n\n\n\n
      The “ALTER TABLESPACE” DDL commands are sent to the standby and the TDE conversion in standby is run independently from the conversion in the primary. It can that the TDE conversion for some tablespaces finishes before on standby than on primary.<\/p>\n\n\n\n
      During the single tablespace encryption the the apply is paused (transport continues). The lag will increase until all datafiles of the tablespace are encrypted. On alertlog is possible to see this:<\/p>\n\n\n
      \nSWITCHOVER VERIFY: standby database's reccovery lags behind. The apply lag is 11781\n<\/pre><\/div>\n\n\n
      Troubleshooting<\/h2>\n\n\n\n
      Backups conflicts<\/h3>\n\n\n\n
      If backups are running during the encryption, it can also happen that some files cannot be deleted, as they are still being read by rman. You get this in alertlog:<\/p>\n\n\n
      \nANJO_PDB1(3):Successfully zero'ed out original file "+DATA\/ANJOCDB\/374BFC384F82D5B2E063DC62A10AB914\/DATAFILE\/sysaux.678.1205510495"\nANJO_PDB1(3):WARNING: Cannot delete old file +DATA\/ANJOCDB\/374BFC384F82D5B2E063DC62A10AB914\/DATAFILE\/sysaux.678.1205510495 left after datafile TDE conversion\n2025-07-15T11:18:26.238729+02:00\nANJO_PDB1(3):Errors in file \/u02\/app\/oracle\/diag\/rdbms\/anjocdb\/ANJOCDB\/trace\/ANJOCDB_pr00_179903.trc:\nORA-15028: Oracle Automatic Storage Management (Oracle ASM) file '+DATA\/ANJOCDB\/374BFC384F82D5B2E063DC62A10AB914\/DATAFILE\/sysaux.678.1205510495' not dropped; currently being accessed\n<\/pre><\/div>\n\n\n
      Recover space from deleted datafiles<\/h3>\n\n\n\n
      While the encryption happens datafile after datafile, it was seen that the “deleted” files did not have the space released until the sqlplus session was closed. The file descriptors remained there:<\/p>\n\n\n
      \n$ lsof +aL1 \/u01\/oradata\/ANJO_CDB\n\nCOMMAND      PID   USER   FD   TYPE DEVICE    SIZE\/OFF NLINK        NODE NAME\noracle_17  17729 oracle  276u   REG  253,4           1     0 24015839280 \/u01\/oradata\/ANJO_CDB\/374BFC384F82D5B2E063DC62A10AB914\/datafile\/o1_mf_sysaux_n4lxr8gf_.dbf (deleted)\noracle_17  17729 oracle  278u   REG  253,4           1     0 23734824823 \/u01\/oradata\/ANJO_CDB\/374BFC384F82D5B2E063DC62A10AB914\/datafile\/o1_mf_sysaux_n4lxr8gx_.dbf (deleted)\noracle_17  17729 oracle  279u   REG  253,4           1     0 24015839269 \/u01\/oradata\/ANJO_CDB\/374BFC384F82D5B2E063DC62A10AB914\/datafile\/o1_mf_sysaux_n4lxr8h4_.dbf (deleted)\noracle_17  17729 oracle  280u   REG  253,4           1     0 23734824830 \/u01\/oradata\/ANJO_CDB\/374BFC384F82D5B2E063DC62A10AB914\/datafile\/o1_mf_sysaux_n4lxr8hh_.dbf (deleted)\n<\/pre><\/div>\n\n\n
      As I was encrypting a 10 TB tablespace and did not have enough disk space to wait, I did wrote a small script which is called by crontab every 30 minutes to empty the file descriptors and giving back the disk space. <\/p>\n\n\n
      \n$ cat rm_deleted_files.sh\n\n#!\/bin\/bash\n\necho $(date) >> \/tmp\/log.txt\n\/sbin\/lsof +aL1 \/u01\/oradata\/ANJOCDB | awk 'NR>1 && $7 > 100000 {gsub(\/[^0-9]\/, "", $4); print $2, $4, $7, $10}' | while read pid fd size file; do\n    echo "\/proc\/$pid\/fd\/$fd" >> \/tmp\/log.txt\n    echo > "\/proc\/$pid\/fd\/$fd"\ndone\n<\/pre><\/div>\n\n\n
      <\/p>\n","protected":false},"excerpt":{"rendered":"
      Some programs are part of Oracle ISV – Independent Software Vendors – program and include various types of Oracle licenses. This allows to install the application database in various Oracle configurations. At my customer, the software includes Advance Security Option Oracle license. This was the reason we decided, even before moving to the cloud, to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,39,9],"tags":[],"class_list":{"0":"post-1009","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-oracle","7":"category-oracle-19c","8":"category-security","9":"czr-hentry"},"_links":{"self":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts\/1009","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/comments?post=1009"}],"version-history":[{"count":21,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts\/1009\/revisions"}],"predecessor-version":[{"id":1042,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/posts\/1009\/revisions\/1042"}],"wp:attachment":[{"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/media?parent=1009"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/categories?post=1009"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/anjo.pt\/keyword-oracle\/wp-json\/wp\/v2\/tags?post=1009"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}