Known issues for integrating third-party applications

Issue: Client SDK 3 does not support Oracle setting PKCS #11 attribute `CKA_MODIFIABLE` during master key generation

This limit is defined in the PKCS #11 library. For more information, see annotation 1 on Supported PKCS #11 Attributes.

Impact: Oracle master key creation fails.
Workaround: Set the special environment variable CLOUDHSM_IGNORE_CKA_MODIFIABLE_FALSE to TRUE when creating a new master key. This environment variable is only needed for master key generation and you do not need to use this environment variable for anything else. For example, you would use this variable for the first master key you create and then you would only use this environment variable again if you wanted to rotate your master key edition. For more information, see Generate the Oracle TDE Master Encryption Key.
Resolution status: We are improving the HSM firmware to fully support the CKA_MODIFIABLE attribute. Updates will be announced in the AWS CloudHSM forum and on the version history page

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Known issues for Amazon EC2 instances running Amazon Linux 2

Client SDK 3 key synchronization failures