We are excited to announce the availability of Google Cloud Key Management Service (KMS) integration for Exadata Database Service on Oracle Database@Google Cloud.
With this enhancement, customers can now store and manage Transparent Data Encryption (TDE) master keys in Google Cloud Customer-managed encryption keys (CMEKs). This adds to the existing key management options—Oracle Wallet, OCI Vault, and Oracle Key Vault (OKV)—and gives organizations the choice to leverage Google Cloud’s native key management solution.
Key Benefits
- Unified Management – Use Google Cloud KMS for both application and database key management.
- Compliance-Ready – Keep keys within Google Cloud CMEKs to meet data residency requirements.
- Integrated Experience – Manage key lifecycle operations natively through Oracle Database@Google Cloud.
Using Google Cloud Key Management with Exadata Database Service on Dedicated Infrastructure
VM Clusters in Oracle Database@Google Cloud now natively integrate with Google Cloud Key Management. Once connectivity is established and a VM Cluster is granted access to a Google Cloud key ring, all databases within the cluster can use Customer-Managed Encryption Keys (CMEK) as their primary key store.
This integration is configured at the VM Cluster level, ensuring that any new databases created on the cluster can automatically leverage CMEK for encryption, should they choose. Customers can register key rings, select them during database creation, and manage lifecycle operations—such as key rotation—directly from the OCI Console or with OCI API.
During the database creation, the key management options are available:
- Oracle Wallet (default): Stores the TDE key in a file-based wallet
- GCP Customer Managed Encryption Keys: Stores the TDE key in a Google Cloud-managed key ring
Databases currently using Oracle Wallet can also be transitioned to CMEK as the key management solution.
Availability
This feature is available now for Exadata Database Service on Dedicated Infrastructure on Oracle Database@Google Cloud, across all supported Google Cloud regions. This integration is another step in Oracle’s commitment to delivering an integrated and flexible multicloud experience, combining the performance of Oracle Database on Exadata with the native services of Google Cloud.