Oracle TDE

Transparent Data Encryption (TDE) enables you to encrypt sensitive data that you store in tables and tablespaces.

After the data is encrypted, it is transparently decrypted for authorized users or applications when they access it. TDE helps protect data stored on media (also called data at rest) if the storage media or data file is stolen. Oracle Database uses authentication, authorization, and auditing mechanisms to secure data in the database, but these mechanisms do not protect the operating system data files where the data is stored. To protect these data files, Oracle Database provides TDE, which encrypts the sensitive data stored in them. To prevent unauthorized decryption, TDE stores the encryption keys in a security module external to the database, called a keystore.
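The statements below are an added example, not part of the original page or Oracle's own material. They show the keystore and encryption steps described above using Oracle Database 12c-and-later syntax. Assumptions: the keystore directory is already configured for the instance, the database is a non-CDB (or the commands run in the CDB root), and all paths, object names, and the password are constructed placeholders.

```sql
-- Assumed placeholder values: keystore path, data file path, password,
-- tablespace name SECURE_TS and table CUSTOMERS are constructed for illustration.

-- 1. Create a password-protected software keystore outside the data files.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ORCL/wallet/tde'
  IDENTIFIED BY "keystore_password_placeholder";

-- 2. Open the keystore so the instance can reach the master key.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "keystore_password_placeholder";

-- 3. Generate the TDE master encryption key; WITH BACKUP copies the
--    keystore before it is modified.
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "keystore_password_placeholder" WITH BACKUP;

-- 4. Tablespace encryption: every block written to this data file is encrypted.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 5. Column encryption: only the sensitive column is encrypted.
CREATE TABLE customers (
  id          NUMBER PRIMARY KEY,
  name        VARCHAR2(100),
  card_number VARCHAR2(19) ENCRYPT USING 'AES256'
);

-- 6. Checks a DBA or auditor would run afterwards.
-- Keystore state: STATUS should be OPEN, WALLET_TYPE shows PASSWORD or AUTOLOGIN.
SELECT wrl_type, wrl_parameter, status, wallet_type
  FROM v$encryption_wallet;

-- Tablespaces that are actually encrypted.
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'SECURE_TS';

-- Columns protected by TDE column encryption.
SELECT owner, table_name, column_name, encryption_alg
  FROM dba_encrypted_columns;
```

Queries against the table return plaintext to any authorized session while the keystore is open; closing the keystore makes the encrypted data unreadable, which is the property that protects a stolen data file.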

Oracle provides a straightforward method of managing database credentials across multiple domains by using Oracle Wallets. Wallets enable users to update the database credentials without changing specific data source definitions, because the database connection string in the data source definition is resolved by an entry in the wallet.

If the security of the wallets and the cryptographic material they contain needs to be enhanced, the Oracle Database needs to be configured to use a Hardware Security Module (HSM). Enabling the HSM with the Oracle Database strengthens the protection of the wallets.