Oracle TDE with AWS CloudHSM: Set up the prerequisites - AWS CloudHSM

To accomplish Oracle TDE integration with AWS CloudHSM, you need the following:

  • An active AWS CloudHSM cluster with at least one HSM.

  • An Amazon EC2 instance running the Amazon Linux operating system with the following software installed:

    • The AWS CloudHSM client and command line tools.

    • The AWS CloudHSM software library for PKCS #11.

    • Oracle Database. AWS CloudHSM supports Oracle TDE integration. Client SDK 5.6 and higher support Oracle TDE for Oracle Database 19c. Client SDK 3 supports Oracle TDE for Oracle Database versions 11g and 12c.

  • A cryptographic user (CU) to own and manage the TDE master encryption key on the HSMs in your cluster.

Complete the following steps to set up all of the prerequisites.

To set up the prerequisites for Oracle TDE integration with AWS CloudHSM
  1. Complete the steps in Getting started. After you do so, you'll have an active cluster with one HSM. You will also have an Amazon EC2 instance running the Amazon Linux operating system. The AWS CloudHSM client and command line tools will also be installed and configured.

  2. (Optional) Add more HSMs to your cluster. For more information, see Adding an HSM.

  3. Connect to your Amazon EC2 client instance and do the following:

    1. Install the AWS CloudHSM software library for PKCS #11.

    2. Install Oracle Database. For more information, see the Oracle Database documentation. Client SDK 5.6 and higher support Oracle TDE for Oracle Database 19c. Client SDK 3 supports Oracle TDE for Oracle Database versions 11g and 12c.

    3. Use the cloudhsm_mgmt_util command line tool to create a cryptographic user (CU) on your cluster. For more information about creating a CU, see How to Manage HSM Users with CMU and Managing HSM users.

After you complete these steps, you can configure the database.