Introduction
This page describes how to integrate Securosys Primus HSM or CloudHSM with Oracle 19c Transparent Data Encryption (TDE), so that key material is generated and used within the protected boundary of Securosys Hardware Security Modules.
Oracle Databases use authentication, authorization, and auditing mechanisms to secure data in the database, but not in the operating system files where the data is stored. To protect those files, Oracle Databases provide transparent data encryption (TDE).
This feature lets you encrypt sensitive data in database columns or files that are stored in operating system files. To prevent unauthorized decryption, it stores the encryption keys in a security module external to the database, which allows seamless integration with Securosys' Primus HSM or CloudHSM.
Target Audience
This document is intended for Securosys Primus HSM and Oracle DB administrators or integrators in charge of the company's database. This guide requires that you are already familiar with database administration.
For on-premises HSM deployments, administrative skills for Securosys Primus HSMs are required.
Support Contact
If you encounter a problem while installing or configuring the provider or integrating the HSM with Oracle TDE, make sure that you have read the referenced documentation. If you cannot resolve the issue, please contact Securosys Customer Support. For specific requests regarding Securosys integration, visit the Securosys Support Portal.
What's Next
For a smooth start integrating your Primus HSM with Oracle TDE, using the Securosys PKCS11 Provider:
- Consult the Quick Start for a comprehensive task listing.
- For detailed instructions, read and follow the Configuration guide.