Oracle Key Vault 21.2 with UTIMACO SecurityServer

About the integration

This guide provides an explanation how to integrate an UTIMACO CryptoServer Hardware Security Module (HSM) with Oracle Key Vault. UTIMACO HSM securely generates and stores the Root of Trust key. The HSM RoT protects the wallet password, protecting the TDE master key, which in turn protects all the encryption keys, certificates, and other security artifacts managed by the Oracle Key Vault server
 

Oracle Key Vault

Oracle Key Vault is a full-stack software appliance that contains an operating system, database, and key-management application to help organizations store and manage their keys and credentials. The administrators should deploy Key Vault in a secure location and typically do not need to access the internal components of the appliance for day-to-day operations.

However, there are patches and scenarios where administrators might need to physically access the machine, or directly connect to the internal operating system via SSH. When an HSM is deployed with Oracle Key Vault, the Root of Trust (RoT) remains in the HSM.

This mitigates the risk of administrators potentially extracting keys and credentials from systems they can physically access. The HSM in this RoT usage scenario does not store any customer encryption keys. Customer keys are stored and managed directly by the Oracle Key Vault server.

UTIMACO CryptoServer HSM

CryptoServer is a hardware security module developed by UTIMACO IS GmbH. CryptoServer is a physically protected specialized computer unit designed to perform sensitive cryptographic tasks and to securely manage as well as store cryptographic keys and data. It can be used as a universal, independent security component for heterogeneous computer systems.
 

Are you interested in this document?

Simply add it to your collection. You can request access to this and other documents in your collection all at once via the blue basket on the right.