Oracle database transparent data encryption (TDE) with AWS CloudHSM - AWS CloudHSM

Transparent Data Encryption (TDE) encrypts database files: the database software encrypts data before writing it to disk, so the files on disk cannot be read without the keys. Some versions of Oracle Database offer TDE. In Oracle TDE, the data in a table's columns or in a tablespace is encrypted with a table key or tablespace key, and those keys are in turn encrypted with a TDE master encryption key. You can achieve greater security by storing the TDE master encryption key in the HSMs in your AWS CloudHSM cluster, so that the key protecting every table and tablespace key is held in hardware.

[Figure: Store the Oracle TDE master encryption key in AWS CloudHSM.]

In this solution, you use Oracle Database installed on an Amazon EC2 instance. Oracle Database integrates with the AWS CloudHSM software library for PKCS #11 to store the TDE master key in the HSMs in your cluster.
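The two-level key hierarchy described above (data encrypted with table or tablespace keys, those keys wrapped by a master key that stays inside the HSM) as an added, self-contained model; this is example code, not AWS or Oracle code. An HMAC-SHA256 keystream stands in for AES and a Python object stands in for the HSM reached through PKCS #11; only a key handle and wrap/unwrap calls cross the HSM boundary, never the master key bytes.

```python
"""Model of the Oracle TDE key hierarchy with the master key held in an HSM.

Constructed illustration (not AWS or Oracle code): HMAC-SHA256 keystream XOR
stands in for AES, and class Hsm stands in for the CloudHSM cluster behind the
PKCS #11 library. The database side only ever holds a key handle and wrapped
table keys; the master key bytes never leave the Hsm object.
"""
import hashlib
import hmac
import secrets


def prf_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with an HMAC-SHA256 keystream (AES stand-in)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class Hsm:
    """Stand-in for the HSM cluster: keys live inside, only handles leave."""
    def __init__(self) -> None:
        self._keys: dict[int, bytes] = {}

    def generate_master_key(self) -> int:
        handle = len(self._keys) + 1           # the database only sees this handle
        self._keys[handle] = secrets.token_bytes(32)
        return handle

    def wrap(self, handle: int, key: bytes) -> bytes:
        nonce = secrets.token_bytes(16)        # fresh nonce per wrap operation
        return nonce + prf_xor(self._keys[handle], nonce, key)

    def unwrap(self, handle: int, blob: bytes) -> bytes:
        return prf_xor(self._keys[handle], blob[:16], blob[16:])


class TdeDatabase:
    """Database host: stores wrapped table keys on disk, never the master key."""
    def __init__(self, hsm: Hsm) -> None:
        self.hsm = hsm
        self.master_handle = hsm.generate_master_key()
        self.wrapped_table_keys: dict[str, bytes] = {}   # what lands on disk

    def create_table(self, name: str) -> None:
        table_key = secrets.token_bytes(32)    # generated on the host, then wrapped
        self.wrapped_table_keys[name] = self.hsm.wrap(self.master_handle, table_key)

    def _table_key(self, name: str) -> bytes:
        return self.hsm.unwrap(self.master_handle, self.wrapped_table_keys[name])

    def encrypt_column(self, table: str, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        return nonce + prf_xor(self._table_key(table), nonce, plaintext)

    def decrypt_column(self, table: str, blob: bytes) -> bytes:
        return prf_xor(self._table_key(table), blob[:16], blob[16:])
```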

Important: We recommend installing Oracle Database on an Amazon EC2 instance.

Complete the following steps to integrate Oracle TDE with AWS CloudHSM.

To configure Oracle TDE integration with AWS CloudHSM
  1. Follow the steps in Set up prerequisites to prepare your environment.

  2. Follow the steps in Configure the database to configure Oracle Database to integrate with your AWS CloudHSM cluster.