Integration with HSM device
XTAM relies on database integration with an HSM device to increase the security of encrypted data. XTAM provides a wide selection of back-end databases chosen to satisfy maintenance, compliance or regulatory requirements.
For HSM integration, choose a database that supports database encryption with the master key managed by your HSM device.
Use the following steps to introduce an HSM into your data encryption strategy:
- Configure your database server with your encryption provider integrated with your HSM device.
- Create the PamDB database.
- Enable database encryption using the crypto provider configured above.
Example for MS SQL Server:
- Run the following query against the PamDB database:
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_256
ENCRYPTION BY SERVER ASYMMETRIC KEY <ASYNCKeyName>;
where ASYNCKeyName is the name of the key prepared with your crypto provider.
- Enable encryption for the database with the following query:
ALTER DATABASE PamDB
SET ENCRYPTION ON;
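
To confirm the result of the steps above, the following query checks that PamDB is fully encrypted with AES-256 and that its database encryption key is protected by an asymmetric key held in an external cryptographic provider rather than by a key stored in SQL Server itself. It is an added example, not part of the XTAM documentation, and assumes SQL Server 2012 or later (for the encryptor_type column) and a login with VIEW SERVER STATE permission.

```sql
-- Added verification example (not from the XTAM documentation).
-- Reports the TDE state of PamDB and whether its database encryption key
-- is wrapped by an asymmetric key that lives in an EKM/HSM provider.
SELECT
    d.name                AS database_name,
    d.is_encrypted,
    dek.key_algorithm,
    dek.key_length,
    dek.encryptor_type,                       -- expected: ASYMMETRIC KEY
    ak.name               AS protecting_key,  -- the key named in the CREATE statement
    ak.provider_type,                         -- expected: CRYPTOGRAPHIC PROVIDER
    CASE dek.encryption_state
        WHEN 0 THEN 'no database encryption key'
        WHEN 1 THEN 'unencrypted'
        WHEN 2 THEN 'encryption in progress'
        WHEN 3 THEN 'encrypted'
        WHEN 4 THEN 'key change in progress'
        WHEN 5 THEN 'decryption in progress'
        WHEN 6 THEN 'protection change in progress'
        ELSE 'unknown'
    END                   AS encryption_state,
    dek.percent_complete,                     -- non-zero only while a scan is running
    CASE
        WHEN dek.encryption_state = 3
         AND dek.key_algorithm   = 'AES'
         AND dek.key_length      = 256
         AND dek.encryptor_type  = 'ASYMMETRIC KEY'
         AND ak.provider_type    = 'CRYPTOGRAPHIC PROVIDER'
        THEN 'OK'
        ELSE 'REVIEW'                         -- missing key, wrong protector, or scan not finished
    END                   AS hsm_tde_check
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS dek
       ON dek.database_id = d.database_id
LEFT JOIN master.sys.asymmetric_keys AS ak
       ON ak.thumbprint = dek.encryptor_thumbprint
WHERE d.name = N'PamDB';
```

Encryption runs as a background scan after SET ENCRYPTION ON, so a REVIEW result with the state 'encryption in progress' means the query should be repeated once the scan has finished.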