Product Documentation

The SAKA uses a standard relational database management system (RDBMS) to store data about encrypted objects and decryption requests. Sensitive data in this database is not vulnerable, however, because it is encrypted with keys resident on the cryptographic hardware module. All other data is metadata that is useful only to the SAKA application.

The database service is accessible only from the local machine. Remote clients and applications cannot access the database directly because firewall controls on the operating system block them. These controls do not prevent the SAKA application from accessing the database locally.
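One way to audit the local-only access described above on a Linux host. This is an added example and not part of the SAKA product or its documentation. It assumes the output format of `ss -H -ltn` and a hypothetical database port of 3306, since the page names neither the RDBMS nor its port. The script separates listeners bound to loopback from listeners whose isolation depends entirely on the firewall.

```python
import ipaddress

# Constructed sample of `ss -H -ltn` output (not captured from a real appliance).
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 [::]:3306 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def split_local(field):
    """Split a local-address field such as '[::1]:3306' into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and any %iface zone
    return host, int(port)

def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; wildcard binds are not loopback."""
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparsable address: fail closed and report it

def audit_listeners(ss_output, db_port):
    """Return (loopback_only, firewall_dependent) local addresses for db_port."""
    loopback_only, firewall_dependent = [], []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        if port != db_port:
            continue
        bucket = loopback_only if is_loopback(host) else firewall_dependent
        bucket.append(fields[3])
    return loopback_only, firewall_dependent

if __name__ == "__main__":
    # 3306 is an assumed port for illustration only.
    local, exposed = audit_listeners(SAMPLE_SS, 3306)
    print("bound to loopback:", local)
    print("isolated only by the firewall:", exposed)
```

On a live host, pass the real output of `ss -H -ltn` and the database port in use at the site instead of the constructed sample.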

While there are no special requirements for database security (other than what a site's security policy may require for Production databases), we recommend storing backups of the database separately from standard backups, in case vulnerabilities in the encryption algorithm are discovered in the future. Controlled access to database backups will minimize any damage from such potential discoveries.