Integrating Oracle Database 19c Transparent Data Encryption (TDE) with the Vectera Plus requires the Futurex PKCS #11 (FXPKCS11) library. After you configure TDE, you can store the Master Encryption Key (MEK) used for TDE on a FIPS 140-2 Level 3-validated HSM (such as the Vectera Plus), adding a layer of protection for data at rest.
The MEK encrypts the Oracle Table Keys, which encrypt or decrypt columns or tablespaces locally in the database. Each table has its own table key. From the client application perspective, the encryption and decryption process is transparent, so you don’t need to modify the existing application. We recommend that the connection between the Futurex PKCS #11 library and the Vectera Plus be a mutually authenticated TLS connection, but we also support server-side authentication.
The instructions for configuring the Futurex PKCS #11 library with Oracle Database running in a Docker container cover only mutual authentication with TLS certificates.
This guide provides the required information to configure Futurex PKCS #11 with Oracle Database 19c so that you can generate the TDE Master Encryption Key and store it on the Vectera Plus for encrypting the Oracle Table Keys.
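The Oracle side of that setup, as an added illustration that is not part of the Futurex guide: pointing TDE at an HSM keystore through a PKCS #11 library, generating the MEK inside the HSM, and checking that a new tablespace key is wrapped under it. The wallet path, data file path, tablespace name, HSM credential and library version are assumed placeholders; run it in CDB$ROOT as a user with SYSKM.

```sql
-- Added example, not from the Futurex integration guide. All paths, names and the
-- HSM credential below are assumed placeholders.

-- 1. Oracle loads the vendor PKCS #11 library from its fixed search path:
--    /opt/oracle/extapi/64/hsm/<VENDOR>/<VERSION>/<library>.so
--    (the Futurex library file name and version directory are assumptions).

-- 2. Declare the keystore type as HSM instead of a software wallet.
--    WALLET_ROOT is static and needs an instance restart; TDE_CONFIGURATION
--    is dynamic and requires WALLET_ROOT to be set first.
ALTER SYSTEM SET WALLET_ROOT = '/opt/oracle/admin/ORCLCDB/wallet' SCOPE = SPFILE;
ALTER SYSTEM SET TDE_CONFIGURATION = 'KEYSTORE_CONFIGURATION=HSM' SCOPE = BOTH;

-- 3. Open the keystore. The credential is handed to the PKCS #11 library for
--    login; Oracle's documented form for an HSM is "user_id:password".
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "hsm_user:hsm_password"
  CONTAINER = ALL;

-- 4. Generate the MEK inside the HSM. There is no WITH BACKUP clause: nothing
--    exists in a wallet file to back up, the key never leaves the device.
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "hsm_user:hsm_password"
  CONTAINER = ALL;

-- 5. Create an encrypted tablespace. Its tablespace key is generated by the
--    database and encrypted (wrapped) by the MEK held on the HSM.
CREATE TABLESPACE tde_demo
  DATAFILE '/opt/oracle/oradata/ORCLCDB/tde_demo01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256' ENCRYPT;

-- 6. Verify: WRL_TYPE should read HSM with STATUS OPEN, one active MEK should
--    exist, and the tablespace should report AES256 encryption.
SELECT wrl_type, status, wallet_type FROM v$encryption_wallet;
SELECT key_id, creation_time FROM v$encryption_keys;
SELECT ts.name, et.encryptionalg, et.status
  FROM v$encrypted_tablespaces et
  JOIN v$tablespace ts ON ts.ts# = et.ts#;
```

If the wallet query shows WRL_TYPE other than HSM, the library was not found on the search path above or TDE_CONFIGURATION did not take effect, and the MEK would be created in a software wallet rather than on the Vectera Plus.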