Fujitsu Enterprise Postgres manages master encryption keys with the IBM Z Crypto Express Adapter Card. To work with the Crypto Express Adapter Card, use openCryptoki, a PKCS#11 compliant API implementation. Use the openCryptoki CCA token or the EP 11 token.

Fujitsu Enterprise Postgres uses the slot assigned to each instance to access the token through a user pin. You must configure Crypto Express Adapter Cardo and openCryptoki to access the token.

Refer to the IBM documentation for the IBM Z Crypto Express Adapter Card configuration.

Refer to the openCryptoki project documentation for openCryptoki configuration. Note that the tokname attribute must be specified because Fujitsu Enterprise Postgres requires a unique token directory.