Using Thales KMS
You can configure TDE to use an external key from Thales CipherTrust Manager to wrap the data encryption key with a key from the Thales key store. You can use either pykmip or the Thales REST API to perform the cryptographic operations of the integration.
To use the Python library pykmip for cryptographic operations with Thales CipherTrust Manager, see Using pykmip in the Implementing Thales CipherTrust Manager documentation for instructions. pykmip is a Python library that implements the KMIP industry standard for key management operations.
To use the Thales REST API for cryptographic operations with Thales CipherTrust Manager, install the EDB TDE Thales REST API client and then configure it for use with TDE. The REST API allows operations to directly connect to Thales CipherTrust, bypassing other intermediate protocols.