Integration with HSM device

XTAM relies on the database's integration with an HSM device to increase the security of encrypted data. XTAM supports a wide selection of backend databases, chosen to satisfy maintenance, compliance or regulatory requirements. For HSM integration, choose a database that supports database encryption with the master key managed by your HSM device.

Use the following steps to introduce an HSM into your data encryption strategy:

  1. Configure your database server with an encryption provider that is integrated with your HSM device.
  2. Create the PamDB database.
  3. Enable database encryption using the crypto provider configured above.
  4. Example for MS SQL Server:

    • Run the following query against the PamDB database:

          USE PamDB;
          CREATE DATABASE ENCRYPTION KEY
          WITH ALGORITHM = AES_256
          ENCRYPTION BY SERVER ASYMMETRIC KEY <ASYNCKeyName>;

      where ASYNCKeyName is the name of the key prepared with your crypto provider.

    • Enable encryption for the database with the following query:

          ALTER DATABASE PamDB
          SET ENCRYPTION ON;

  5. Install XTAM using the configured PamDB database.
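
To confirm on MS SQL Server that the encryption steps above took effect, the following query (an added example, not part of the XTAM documentation) reports the encryption state of PamDB and whether its database encryption key is protected by an asymmetric key held in a cryptographic provider. It assumes SQL Server 2012 or later (for the encryptor_type column) and a login with VIEW SERVER STATE permission.

```sql
-- Added verification example. PamDB is the database name used on this page;
-- everything else comes from SQL Server catalog views and DMVs.
SELECT
    d.name                AS database_name,
    dek.encryption_state,                 -- 2 = encryption in progress, 3 = encrypted
    dek.percent_complete,                 -- progress of the background encryption scan
    dek.key_algorithm,                    -- expected: AES
    dek.key_length,                       -- expected: 256
    dek.encryptor_type,                   -- expected: ASYMMETRIC KEY
    ak.name               AS protecting_key,
    ak.provider_type,                     -- expected: CRYPTOGRAPHIC PROVIDER
    cp.name               AS provider_name,
    cp.dll_path           AS provider_dll,
    CASE
        WHEN dek.database_id IS NULL
            THEN 'FAIL: no database encryption key exists'
        WHEN dek.encryptor_type <> N'ASYMMETRIC KEY'
            THEN 'FAIL: key is not protected by an asymmetric key'
        WHEN ak.cryptographic_provider_guid IS NULL
            THEN 'FAIL: asymmetric key is not held by a cryptographic provider'
        WHEN cp.is_enabled = 0
            THEN 'FAIL: cryptographic provider is disabled'
        WHEN dek.encryption_state = 2
            THEN 'PENDING: encryption scan still running'
        WHEN dek.encryption_state <> 3
            THEN 'FAIL: database is not encrypted'
        ELSE 'OK: encrypted, key protected through the provider'
    END                   AS hsm_tde_check
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS dek
       ON dek.database_id = d.database_id
-- The server asymmetric key lives in master; match it to the encryptor by thumbprint.
LEFT JOIN master.sys.asymmetric_keys AS ak
       ON ak.thumbprint = dek.encryptor_thumbprint
LEFT JOIN sys.cryptographic_providers AS cp
       ON cp.guid = ak.cryptographic_provider_guid
WHERE d.name = N'PamDB';
```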