My Oracle Support Banner

DB Sessions Other than GEN0 making frequent calls to HSM Even Though Tablespace Encryption Keys were Cached. (Doc ID 2121814.1)

Last updated on AUGUST 17, 2022

Applies to:

Advanced Networking Option - Version and later
Information in this document applies to any platform.


Tablespace level TDE implemented with master encryption key stored in HSM wallet.

The master encryption key never leave the HSM device. As the tablespace encryption keys were encrypted using the master encryption key, the Tablespace encryption keys were sent to HSM to get back the decrypted version of tablespace key.

Then the decrypted version of all tablespace encryption keys were cached in SGA when the data in tablespace was accessed first. They were cached until instance is shutdown.

 Why HSM wallet is accessed by DB sessions frequently, other than GEN0 process?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.