DB Sessions Other than GEN0 making frequent calls to HSM Even Though Tablespace Encryption Keys were Cached.
Last updated on APRIL 09, 2018
Applies to:Advanced Networking Option - Version 22.214.171.124 and later
Information in this document applies to any platform.
Tablespace level TDE implemented with master encryption key stored in HSM wallet.
The master encryption key never leave the HSM device. As the tablespace encryption keys were encrypted using the master encryption key, the Tablespace encryption keys were sent to HSM to get back the decrypted version of tablespace key.
Then the decrypted version of all tablespace encryption keys were cached in SGA when the data in tablespace was accessed first. They were cached until instance is shutdown.
Why HSM wallet is accessed by DB sessions frequently, other than GEN0 process?
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms