Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Changes in This Release for Oracle Key Vault Administrator's Guide
Changes in Oracle Key Vault Release 1 (12.1)
1 Introduction to Oracle Key Vault
About Oracle Key Vault and Key Management
Benefits of Using Oracle Key Vault
Who Should Use Oracle Key Vault?
Major Features of Oracle Key Vault
Centralization of TDE Master Keys, Oracle Wallets, Java Keystores, and Credential Files
Management of Key Lifecycle
Reporting and Alerts
Separation of Duties for Oracle Key Vault Users
Support for a High Availability Environment
Backup and Restore Functionality for Security Objects
Compatibility and Deployment Support
Support for OASIS Key Management Interoperability Protocol (KMIP)
Oracle Key Vault Interfaces
Outline of Steps for Using Oracle Key Vault
2 Oracle Key Vault Concepts
Overview of Oracle Key Vault Concepts
Oracle Key Vault Use Cases
Centralized Storage of Oracle Wallet Files and Java Keystores
Centralizing Management for a TDE Direct Connection of TDE Master Keys
Storage of Credential Files
Access Control Configuration
Access Control Options
Access Grants
Oracle Key Vault Deployment Architecture
Oracle Key Vault Administration
About the Administration of Oracle Key Vault
Separation of Duties
Overview of Administrative Roles
Emergency System Recovery Process
Endpoint Administrators
3 Oracle Key Vault Installation and Configuration
Oracle Key Vault Installation Requirements
Oracle Key Vault: A Software Appliance
System Requirements
Network Ports
Supported Endpoint Platforms
Endpoint Database Requirements
Installing Oracle Key Vault
Task 1: Install the Oracle Key Vault Appliance
Task 2: Perform Postinstallation Tasks
Overview of the Management Console
Logging In to the Oracle Key Vault Management Console
Performing Actions and Searches
Actions Menus
Search Bars
4 High Availability, Backup and Restore Operations
Configuring High Availability for Oracle Key Vault
About Configuring High Availability for Oracle Key Vault
Configuring High Availability for Oracle Key Vault
Switching Primary and Standby Nodes in a High Availability Cluster
Restoring High Availability After a Failover
Unconfiguring High Availability
Backing Up and Restoring Data for Oracle Key Vault
About Backing Up and Restoring Data for Oracle Key Vault
Oracle Key Vault Backup Destinations
About Oracle Key Vault Backup Destinations
Creating Oracle Key Vault Remote Backup Destinations
Editing Oracle Key Vault Remote Backup Destinations
Deleting Oracle Key Vault Remote Backup Destinations
Scheduling Backup Operations for Oracle Key Vault
About Scheduling Oracle Key Vault Backups
Scheduling Oracle Key Vault Backups
Editing Oracle Key Vault Scheduled Backups
Deleting Oracle Key Vault Scheduled Backups
How Other Processes Affect the Oracle Key Vault Backup Process
Protecting the Backup Using the Recovery Passphrase
Restoring Oracle Key Vault Data
About Restoring Oracle Key Vault Data
Oracle Key Vault Restore Process
Restoring Oracle Key Vault Data
High Availability and the Restore Operation
Changes Resulting from a System State Restore
5 Managing Oracle Key Vault Users
About Managing Oracle Key Vault Users
Creating Oracle Key Vault Users
Granting or Revoking Roles
Viewing the Users List
Oracle Key Vault User Details
About User Details
Adding and Modifying User Details
Managing Oracle Key Vault User Group Membership
Adding an Oracle Key Vault User to a Group
Removing an Oracle Key Vault User from a Group
Oracle Key Vault Password Changes
Who Can Change Oracle Key Vault Passwords?
Changing Oracle Key Vault User Passwords
Deleting Oracle Key Vault Users
Managing User Groups
Creating a User Group
Adding and Modifying User Group Details
Adding an Oracle Key Vault User to a Group
Removing an Oracle Key Vault User from a Group
Deleting an Oracle Key Vault User Group
6 Managing Oracle Key Vault Endpoints
About Managing Endpoints
Searching for Endpoints
Adding, Deleting, or Reenrolling Endpoints
Types of Endpoint Enrollment
Enrollment Status
Adding an Endpoint Using Administrator-Initiated Enrollment
Adding an Endpoint Using Self-Enrollment
Deleting or Reenrolling Endpoints
About Deleting or Reenrolling Endpoints
Deleting or Reenrolling an Endpoint
Managing Endpoint Details
About Endpoint Details
Modifying Endpoint Details
Adding Endpoint Membership in a Group
Managing Virtual Wallet Access to Endpoints
Adding Endpoint Access to a Virtual Wallet
Removing Endpoint Access to a Virtual Wallet
Managing Endpoint Groups
Creating Endpoint Groups
About Creating Endpoint Groups
Creating an Endpoint Group
Modifying Endpoint Group Details
Setting Access from an Endpoint Group to a Virtual Wallet
Removing a Member from an Endpoint Group
Deleting Endpoint Groups
About Deleting Endpoint Groups
Deleting an Endpoint Group
7 Managing Oracle Key Vault Virtual Wallets and Security Objects
About Virtual Wallets
Viewing Virtual Wallets
Creating Virtual Wallets
About Creating Virtual Wallets
Creating a Virtual Wallet
Managing Details of Security Objects
Searching for Security Object Items
Viewing, Adding, and Modifying Security Object Details
About Viewing, Adding, and Modifying Security Object Details
Item Details Page: Basic Attributes Pane
Item Details Page: Advanced Pane
Changing the State of a Key or Other Security Object Item
About Changing the State of a Key or Other Security Object Item
Deactivating a Key
Revoking a Key
Adding or Removing Items to and from Virtual Wallets
Managing Virtual Wallet Access
Granting User and Endpoint Access to Virtual Wallets
Setting Access for an Individual User to a Virtual Wallet
Adding Individual User Access to a Virtual Wallet
Removing Individual User Access to a Virtual Wallet
Controlling User Group Access to Virtual Wallets
Adding User Group Access to a Virtual Wallet
Removing User Group Access from a Virtual Wallet
Revoking Access Settings of a Virtual Wallet
Deleting Virtual Wallets
8 Using Oracle Key Vault Endpoints
About Oracle Key Vault Endpoints
Overview of Endpoint Enrollment and Provisioning
Finalizing Enrollment and Provisioning
Task 1: Enroll and Provision the Endpoint
Task 2: Install the Oracle Key Vault Client Software on the Endpoint
Special Notes About Endpoint Provisioning
Transparent Data Encryption Endpoint Management
Endpoint okvclient.ora Configuration File
Oracle Key Vault okvutil Endpoint Utility Reference
About the okvutil Utility
okvutil Utility Syntax
okvutil list Command
okvutil upload Command
okvutil download Command
okvutil changepwd Command
9 Oracle Key Vault Use Case Scenarios
Uploading and Downloading Oracle Wallets
About Uploading and Downloading Oracle Wallets
Uploading Oracle Wallets
Downloading Oracle Wallets
Recommendations for Uploading and Downloading Oracle Wallets
Uploading and Downloading JKS and JCEKS Keystores
About Uploading and Downloading JKS and JCEKS Keystores
Uploading JKS or JCEKS Keystores
Downloading JKS or JCEKS Keystores
Recommendations for Uploading and Downloading JKS and JCEKS Keystores
Uploading and Downloading Credential Files
About Uploading and Downloading Credential Files
Uploading a Credential File
Downloading a Credential File
Recommendations for Uploading and Downloading Credential Files
Using a TDE Direct Connection with Oracle Key Vault
About Using a TDE Direct Connection with Oracle Key Vault
Other Oracle Database Features That Oracle Key Vault Supports
Configuring a Connection Between Oracle Key Vault and a New TDE-Enabled Database
Migrating Existing TDE Wallets to Oracle Key Vault
About Migrating Existing TDE Wallets to Oracle Key Vault
Migrating an Existing TDE Wallet to Oracle Key Vault
Restoring Database Contents Previously Encrypted by TDE Using an Oracle Wallet
Using a TDE-Configured Oracle Database in an Oracle RAC Environment
Using a TDE-Configured Oracle Database in an Oracle GoldenGate Environment
About Uploading Oracle Wallets in an Oracle GoldenGate Environment
Using a TDE Direct Connection in an Oracle GoldenGate Deployment
Migrating TDE Wallets on an Oracle GoldenGate Deployment to Oracle Key Vault
Using a TDE-Configured Oracle Database in an Oracle Active Data Guard Environment
About Uploading Oracle Wallets in an Oracle Active Data Guard Environment
Uploading Oracle Wallets in an Oracle Active Data Guard Environment
Performing a TDE Direct Connection in an Oracle Active Data Guard Environment
Migrating Oracle Wallets in an Oracle Active Data Guard Environment
Migrating an Oracle TDE Wallet to Oracle Key Vault for a Logical Standby Database
Checking the Oracle TDE Wallet Migration for a Logical Standby Database
10 General Oracle Key Vault Management
About General Management of Oracle Key Vault
Oracle Key Vault Alert Configuration
About Configuring Alerts
Configuring the Alerts That Appear in the Oracle Key Vault Dashboard
Viewing Open Alerts
Oracle Key Vault Auditing
About Auditing in Oracle Key Vault
How Oracle Key Vault Audit Record Export and Deletion Operations Work
Exporting and Deleting Oracle Key Vault Audit Records
Viewing Oracle Key Vault Reports
About Oracle Key Vault Reports
Accessing the Oracle Key Vault Management Reports
Viewing Oracle Key Vault Status on the Dashboard
Status Panes in the Dashboard
Oracle Key Vault System Administration
Viewing Oracle Key Vault Status
Setting the Oracle Key Vault Configurations
Settings for Configurations Page
Enabling SSH Access
System Recovery
About System Recovery
Performing System Recovery
Changing the Recovery Passphrase
A Troubleshooting Oracle Key Vault
How Do I Find and Troubleshoot Errors?
How Do I Handle the Error: Cannot Open Keystore Message?
How Do I Handle General KMIP Errors?
How Do I Handle WARNING: Could Not Store Private Key Errors?
How Do I Handle Errors After Upgrading Oracle Key Vault?
Glossary
Index