My Oracle Support Banner

OKV: Is TDE Primary encryption key exposed when cached in memory ? (Doc ID 2230560.1)

Last updated on AUGUST 08, 2022

Applies to:

Oracle Key Vault - Version and later
Advanced Networking Option - Version and later
Information in this document applies to any platform.


As per the document

3.2.6 Using Hardware Security Modules with TDE

A hardware security module (HSM) is a physical device that provides
secure storage for encryption keys. It also provides secure
computational space (memory) to perform encryption and decryption
operations. HSM is a more secure alternative to the Oracle wallet.

TDE can use HSM to provide enhanced security for sensitive data. An HSM
is used to store the master encryption key used for TDE. The key is
secure from unauthorized access attempts as the HSM is a physical device
and not an operating system file. All encryption and decryption
operations that use the master encryption key are performed inside the HSM.


"This means that the Primary encryption key is never exposed in insecure memory."

 Is TDE Primary encryption key exposed when cached in memory ?


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.