1. Installation and Administration Guide
  2. OKM-ICSF Integration
  3. Key Stores and Master Key Mode

Key Stores and Master Key Mode

When Master Key Mode is enabled, agents derive keys from a set of externally stored master keys.

In KMS 2.0.x and later, the KMAs in an cluster generate their own keys using either a Hardware Security Module (such as the Sun Cryptographic Accelerator 6000 card) or the Solaris Cryptographic Framework. Some customers prefer to have the KMAs use master keys that are created and stored in an external key store.

KMS 2.2 introduced a Master Key Mode feature. When enabled, the cluster derives tape keys from a set of master keys. The master keys are created and stored in an external key store. Full disaster recovery is possible with just the tapes, the master keys, and factory default OKM equipment.

Note:

The original product name, Key Management System (KMS), changed to Oracle Key Manager (OKM) at release 2.3.