Creating a Key Set for TDE
- Log into the Cryptographic Security Platform Vault for Databases webGUI using an account with Cloud Admin privileges.
- In the top menu bar, click CloudKeys.
- Select Actions > Create Key Set.
- On the Details tab of the Create Key Set dialog box, enter the following:
  - Name: Enter the name for the Key Set.
  - Description: Enter the optional description for the Key Set.
  - Admin Group: Select the Admin Group.
  - Database Type: Select the database type that you are going to use. This can be one of the following:
    - Microsoft SQL Server
    - Oracle Database Server
    - MariaDB Database Server
    - PostgreSQL Database Server
  - Allow automatic key creation from MariaDB: For MariaDB only. If set to Yes, when MariaDB attempts to fetch a key with a keyID that is not present in this vault, the Cryptographic Security Platform Vault for Databases will automatically create a key with that keyID and send it to MariaDB.
- Click Continue.
- On the HSM tab, if an HSM exists, complete the following tasks:
  - Check the Enable HSM checkbox if you plan to use an HSM to create CloudKeys that can be uploaded to the cloud.
  - Choose the Yes radio button if you want to allow key caching. This caches the key in the Cryptographic Security Platform Vault for Databases, where it is protected by the key set local root key.
  - If you selected Enable HSM, click Verify HSM connection to test the connectivity and suitability of the configured HSM. Cryptographic Security Platform Vault checks if the HSM is accessible and if it supports the creation and export of relevant keys.
    Note: Some HSM servers with older versions of firmware do not support key creation and wrapping. If the connection test fails, check the firmware version of the HSM server. If it is old, update it to the latest version.
- For MariaDB and PostgreSQL only. Click Continue.
- For MariaDB and PostgreSQL only. On the Schedule tab, determine the default rotation schedule for the CloudKeys created in this Key Set. This can be one of the following:
  - Never: The CloudKey will never be rotated.
  - Once a year: The CloudKey will be rotated once a year.
  - Every 6 months: The CloudKey will be rotated once every 6 months.
  - Every 30 days: The CloudKey will be rotated once every 30 days.
  - Other: The CloudKey will be rotated at the interval you select.

  Note: This rotation schedule is applied to all CloudKeys created in the Key Set, unless a different value is explicitly chosen. If there are existing CloudKeys in the Key Set, you can update the rotation schedule of the CloudKeys to align with your selected rotation schedule by checking Apply to all CloudKeys.
- Click Apply.
