DB Sessions Other than GEN0 making frequent calls to HSM Even Though Tablespace Encryption Keys were Cached. (Doc ID 2121814.1)

Last updated on APRIL 01, 2016

Applies to:

Advanced Networking Option - Version 11.2.0.1 and later
Information in this document applies to any platform.

Goal

Tablespace level TDE implemented with master encryption key stored in HSM wallet.

The master encryption key never leave the HSM device. As the tablespace encryption keys were encrypted using the master encryption key, the Tablespace encryption keys were sent to HSM to get back the decrypted version of tablespace key.

Then the decrypted version of all tablespace encryption keys were cached in SGA when the data in tablespace was accessed first. They were cached until instance is shutdown.

 Why HSM wallet is accessed by DB sessions frequently, other than GEN0 process?
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms