Slot and Domain Support

This section explains how to use cipherTrust Manager domains with Oracle TDE. Refer to CipherTrust Manager documentation for more information on CipherTrust Manager domain management.

Slots on VKM provide a logical binding with the Oracle databases. This information is locally managed by the VKM agent. With the migration from VKM to CAKM for Oracle TDE, the slot support in the VKM agent provided with the authentication string will no longer be available.

However, you can use CipherTrust Manager domains to create an association with Oracle databases.

While authenticating with the CipherTrust Manager in the authentication string you need to pass domain::cm_user:cm_user_password. You may choose different domains for different database(s) as per your need.

To generate or access keys(MEK) for Oracle datbases within a domain, you need to pass the domain name with the CipherTrust Manager user name and password in the format domain::cm_user:cm_user_password.

For example, to open the keystore using a key residing in the domain dom_hr, run the following command.

ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "domainABC::cm_user:cm_user_password";