📄️ Configuration
In this document we provide a breakdown of how you can manage your Master Encryption KEY (MEK) and specify what you need to setup so that your PKCS11 Provider can be used by Oracle to connect to your HSM Partition.
📄️ Create MEK on HSM
The best way to protect your Oracle Database is to create the encryption key directly on your PrimusHSM/CloudHSM partition. This way you ensure that the key will not be compromised or leaked.
📄️ Create MEK on Software Wallet
In this document we will first create a Software Wallet to setup our Oracle Database, which we can then migrate to a PrimusHSM.
📄️ Migrate MEK
This page is intended for clients who want to migrate their Oracle TDE MEK to an Securosys PrimusHSM or CloudHSM.
📄️ Rekey on HSM
This page describes the process of issuing a new MEK, directly on the HSM and using it to encrypt the tablespace.
📄️ Autologin for HSM
This page describes how to simulate auto-login functionality for an HSM by using an additional software keystore to store the HSM partition password.
📄️ Troubleshooting
This page lists the common troubleshooting activities that should be considered while setting up your Oracle TDE with Securosys HSM.