Integration with HSM device

PAM relies on the back-end database's integration with an HSM device to increase the security of encrypted data. PAM supports a wide selection of back-end databases, chosen to satisfy maintenance, compliance or regulatory requirements.

For HSM integration, choose a database that supports database encryption with the master key managed by your HSM device.

Use the following steps to introduce an HSM into your data encryption strategy:

  1. Configure your database server with your encryption provider integrated with your HSM device.
  2. Create the PamDB database.
  3. Enable database encryption using the crypto provider configured above.
  4. Example for MS SQL Server.

    • Run the following query against the PamDB database:
    USE PamDB;
    CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY <ASYNCKeyName>;

    where ASYNCKeyName is the name of the key prepared with your crypto provider.

    • Enable encryption for the database with the following query:
    ALTER DATABASE PamDB
    SET ENCRYPTION ON;
  5. Install PAM using the configured PamDB.
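
A verification query for the MS SQL Server example above, added here and not part of the original PAM documentation: it checks that the PamDB encryption key is wrapped by a server asymmetric key held in an EKM cryptographic provider (the HSM integration) and that the encryption scan has finished. It assumes SQL Server 2012 or later and a login with VIEW SERVER STATE permission; the verdict wording is illustrative.

```sql
-- Added verification example (not PAM's own code): confirm that PamDB's
-- database encryption key is protected by an EKM-provider (HSM-backed)
-- asymmetric key and that transparent encryption has completed.
SELECT
    d.name                  AS database_name,
    d.is_encrypted,
    dek.encryption_state,   -- 2 = encryption in progress, 3 = encrypted
    dek.percent_complete,
    dek.key_algorithm,
    dek.key_length,
    dek.encryptor_type,     -- expected: ASYMMETRIC KEY
    ak.name                 AS server_asymmetric_key,
    ak.provider_type,       -- expected: CRYPTOGRAPHIC PROVIDER (NULL = software key)
    cp.name                 AS ekm_provider,
    cp.is_enabled           AS ekm_provider_enabled,
    CASE
        WHEN dek.encryption_state = 3
         AND dek.encryptor_type = N'ASYMMETRIC KEY'
         AND ak.provider_type = N'CRYPTOGRAPHIC PROVIDER'
         AND cp.is_enabled = 1
        THEN 'OK: encrypted, key held by EKM provider'
        WHEN dek.encryption_state = 2
        THEN 'WAIT: encryption scan still running'
        ELSE 'CHECK: not protected by an EKM-backed key'
    END                     AS verdict
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS dek
       ON dek.database_id = d.database_id
-- Server asymmetric keys used for TDE live in master; match on thumbprint.
LEFT JOIN master.sys.asymmetric_keys AS ak
       ON ak.thumbprint = dek.encryptor_thumbprint
LEFT JOIN sys.cryptographic_providers AS cp
       ON cp.guid = ak.cryptographic_provider_guid
WHERE d.name = N'PamDB';
```

A row with no encryption key at all (the query in step 4 was never run) falls through to the CHECK verdict, because the outer joins return NULL for every key column.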