📄️ Configuration
In this document we provide a breakdown of how you can manage your Master Encryption KEY (MEK) and specify what you need to setup so that your PKCS11 Provider can be used by Oracle to connect to your HSM Partition.
📄️ Create MEK on HSM
The best way to protect your Oracle Database is to create the encryption key directly on your PrimusHSM/CloudHSM partition. This way you ensure that the key will not be compromised or leaked.
📄️ Create MEK on Oracle Wallet
In this document we will first create a Software Wallet, which we will then migrate to the HSM.
📄️ Migrate MEK to HSM
This page is intended for clients who want to migrate their Oracle TDE MEK to an Securosys PrimusHSM or CloudHSM.
📄️ Testing and Troubleshooting
Here we define a set of basic commands to test your newly encrypted database. The commands below will create a new dummy table and insert some data in the rows. Then we try to view the content, which is prevented until the keystore is opened via the HSM.