Forum Stats

  • 3,824,997 Users
  • 2,260,452 Discussions
  • 7,896,379 Comments

Discussions

TDE change encryption MK

Paulo Pires
Paulo Pires Member Posts: 4 Green Ribbon
edited Nov 5, 2021 8:51AM in Database Security - General

Dear community,

I have successfully implemented TDE encryption with local wallet in my environment with high availability (Data Guard). Later I migrated to HSM (with auto-login) and started having problems.

I definitely can't access the encryption key from the standby server. The idea we had now was to create some keys directly in HSM and change in Oracle to one of those newly created keys. The problem with Oracle is that I can only access my initially migrated key and I don't see the others.

SELECT WRL_TYPE,WRL_PARAMETER,STATUS,WALLET_TYPE FROM V$ENCRYPTION_WALLET;
SELECT KEY_ID,TAG,KEYSTORE_TYPE FROM V$ENCRYPTION_KEYS;

How can I change my encryption key to one created in HSM?

Thanks

Paulo