AWS odb documentation change
Summary
Updated Transparent Data Encryption (TDE) key management documentation to state that AWS Key Management Service is now supported (and enabled by default) in addition to OCI vaults and Oracle Key Vault.
Security assessment
This change adds documentation about using AWS KMS for encryption key management, which is a security feature. It indicates expanded support for a managed key service but does not address a specific security vulnerability.
Diff
diff --git a/odb/latest/UserGuide/security.md b/odb/latest/UserGuide/security.md index 81c490784..c66437875 100644 --- a//odb/latest/UserGuide/security.md +++ b//odb/latest/UserGuide/security.md @@ -32 +32 @@ You can manage access to your Oracle Database@AWS resources. The method you use - * To store and manage keys by using Transparent Data Encryption (TDE), which is enabled by default, Oracle Database@AWS uses [OCI vaults](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm) or [Oracle Key Vault](https://www.oracle.com/security/database-security/key-vault/). Oracle Database@AWS doesn't support AWS Key Management Service. + * To store and manage keys by using Transparent Data Encryption (TDE), which is enabled by default, Oracle Database@AWS uses AWS Key Management Service. Oracle Database@AWS also supports [OCI vaults](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm) or [Oracle Key Vault](https://www.oracle.com/security/database-security/key-vault/).