Configuring KeyControl Vault for TDE

This section explains how to configure KeyControl Vault for TDE.

Create KeyControl Vault Key Set for TDE

If an HSM configured with KeyControl Vault, you can create keyset with HSM support enabled.

To create the KeyControl Key Set for TDE.

1. Navigate to CLOUD KEYS > KeySet tab.
   

2. Create a KeySet of type TDE.
   
   
   
   
   
   
   
   
   
   
   
   

3. To check that the KeySet is created correctly, select the <keyset name> in the list.
   

Configuring KeyControl Vault Database Connector

Before creating the KeyControl Vault Database Connector, you must ensure you have enabled TDE on the SQL Server VM. See Enable TDE on SQL Server .

1. Create a Database Connector for this KeySet and the SQL Server VM.

   This is the VM registered during installation. See Install and register the Entrust Policy Agent

   Select the <keyset name> and select the Database Connectors tab. Click Create Connector Now.

   

2. Enter the VM Name and Connector Name.

   

3. Check the database connector is created correctly.