Data Encryption Using Transparent Data Encryption
To satisfy the requirement of encryption of data-at-rest, Oracle Enterprise Performance Management Cloud uses Transparent Data Encryption (TDE) to encrypt all data at the tablespace level. Each tablspace has its own encryption key.
Encryption keys are encrypted using a master key. The master key is encrypted using AES-256 encryption and is rotated regularly. In Classic environments, the master key is stored in an Oracle Wallet. In OCI (Gen 2) environments, it is stored in a Hardware Security Module (HSM) for additional security.
In OCI (Gen 2) environments, tablespace is also encrypted using AES-256 encryption.