There may need to be further context shared for this inquiry.
As far as key management, this is typically done by the vendor of the software. For physical database encryption, the key is chosen at database creation time, and is further supplied to the database server during use with the -ek or -ep parameters. If the key is lost, the database can no longer be used.
Secure data access from a client can be done by requiring TLS from every connection.
There is also a separately licensed component for FIPS-certified encryption.
FIPS-certified encryption technology
Hope this helps,
Tyson