Oracle on RDS: TDE encryption with master key storage in KMS or CloudHSM


From the documentation, it seems that if you want to use TDE on Oracle on RDS, the TDE master key can be stored:

  • In RDS itself (Oracle Wallet) or
  • In ClassicHSM.

Do you have any inputs on the possibility to store the TDE master key in KMS or in the new generation CloudHSM? Is it on the roadmap?

Please note

CloudHSM for RDS is deprecated. We don’t support any new instances because old HSM is deprecated, and there are no plans to build support for the new version of CloudHSM

