Using Domain with Oracle TDE
This section explains how to use the cipherTrust Manager domains with Oracle TDE. Refer to CipherTrust Manager documentation for more information on CipherTrust Manager domain management.
For users created in root domain
To generate or access keys, you need to pass the domain name with the CipherTrust Manager user name and password. The format will be domain::cm_user:cm_user_password
.
For example, to open the keystore using a key residing in the domain dom_hr
, run the following command.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "dom_hr::cm_user:cm_user_password";
For users created in a specific domain
To generate or access keys in a specific domain, the format will be domain:auth_domain::user:password
.
For Example, to open the keystore using a key residing in the domain dom_hr
, execute the following query:
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "dom_hr:dom_hr::domain_user:domain_user_password"
Note
The default domain is
root
. You do not need to specify the domain name explicitly while generating or accessing keys from theroot
domain.For client certificate authentication, use a double pipe symbol (
||
) to separate the domain name and username within the certificate's Common Name (CN) field.