Go to main content
26/26
Index
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
U
V
W
A
access control
how configuration works
2.4.1
access control configuration
2.4
access control options
2.4.3
access grants
2.4.2
access settings
endpoint groups
7.6.3
removing from virtual wallets
6.2.3
Actions menu
3.5.1
add_epg_member command
10.9.5.2
add_wallet_access_ep command
10.9.6.3
add_wallet_access_epg command
10.9.6.9
administration
Oracle Key Vault
2.5.1
administrative roles
overview
2.5.3
alerts
about
12.5
configuring
12.5
viewing
12.5
appliance automation
commands
enrollment token management
10.9.3
virtual wallet management
10.9.6
archiving
credential files
11.3.1
JKS and JCEKS keystores
11.2.1
auditing
about
12.6.1
Audit Manager role
2.5.3
managing
12.6
Audit Manager role
functions
2.5.3
auto-login wallets
creating for accessing Oracle Key Vault credentials
8.3.2
B
backing up and restoring data
4.3
with Oracle Key Vault
1.4.7
backup destinations
creating a remote backup destination
4.3.2.2
LOCAL
4.3.2.1
backups
destinations
4.3.2
,
4.3.2.1
editing
4.3.4.2
protecting with recovery passphrase
4.3.4.5
scheduling
4.3.4.1
types
4.3.3.1
backup scheduling
4.3.4
about
4.3.3
deleting
4.3.4.3
types
4.3.3.1
backup time
setting
4.3.4.1
benefits
centralizing key lifecyle management
1.1
centralizing key storage
1.1
fighting security threats
1.1
C
centralized storage
Java keystores
2.3.1
Oracle wallet files
2.3.1
certifcates
rotating, about
13.1.1
rotating, procedure
13.1.3
rotation, checking status
13.1.4
certificates
rotating, advice
13.1.2
changepwd command (okvutil)
8.7.6
changing passwords
5.2
changing recovery passphrase
12.4.2.2
configuration files
endpoint configuration file
8.6
configuring
alerts
12.5
configuring high availability
4.2
create_endpoint_group command
10.9.5.1
create_endpoint command
10.9.3.1
create_wallet command
10.9.6.1
creating a user group
5.5.2
creating users
5.1.2
credential files
about archiving and downloading
11.3.1
best practices for archiving and downloading
11.3.4
downloading
11.3.3
uploading
11.3.2
D
dashboard
12.4.4
data
backing up
4.3
restoring
4.3
deactivating keys
6.4.1
,
6.4.2
,
6.4.4
delete_endpoint_group command
10.9.5.4
delete_endpoint command
10.9.3.7
delete_wallet command
10.9.6.6
,
10.9.6.12
deleting user groups
5.5.7
deleting users
5.1.4
deployment architecture
Oracle Key Vault
2.2
deployments
credential files, archiving and downloading
11.3.1
Java keystores, archiving and downloading
11.1.1
JKS and JCEKS keystores, archiving and downloading
11.2.1
Oracle wallets, archiving and downloading
11.1.1
TDE direction connection for TDE wallets
11.4.1
diagnostics generation utility
transaction check error
B.10
download command
10.9.3.3
download command (okvutil)
8.7.5
,
11.1.3
drop_epg_member command
10.9.5.3
drop_wallet_access_ep command
10.9.6.5
E
email
modify_endpoint_email command
10.9.4.5
email notification
creating user email configuration
12.3.2
de-registering user email configuration
12.3.4
opting not to receive
5.4.1
testing user email configuration
12.3.3
emergency system recovery
2.5.4
,
12.4.2
endpoint access to wallets
7.3.1
endpoint administrators
about
2.6
endpoint database requirements
3.1.4
endpoint groups
about creating
7.6.1
add_epg_member command
10.9.5.2
add_wallet_access_epg command
10.9.6.9
create_endpoint_group command
10.9.5.1
creating
7.6.1
delete_endpoint_group command
10.9.5.4
drop_epg_member command
10.9.5.3
modfify_endpoint_group_desc command
10.9.5.5
modify_wallet_access_epg command
10.9.6.10
,
10.9.6.11
modifying
7.6.2
removing
7.6.5
removing a member from
7.6.4
endpoint membership
adding
7.7.3
,
7.7.5
endpoint platform
3.1.3
endpoints
7.6.1
See also:
endpoint groups
about
8.1
about managing
7.1
add_epg_member command
10.9.5.2
adding access to virtual wallet
7.3.1
adding to an endpoint group
7.7.3
,
7.7.5
adding using administrator-initiated enrollment
7.2.2
adding using self-enrollment
7.2.3
administrators for
7.1
configuration file
8.6
create_endpoint command
10.9.3.1
delete_endpoint command
10.9.3.7
deleting
7.2.5.2
procedure
7.2.5.2
downloading software to endpointdownloading endpoint software to endpoint
8.3.1
drop_epg_member commandd
10.9.5.3
drop_wallet_access_ep command
10.9.6.5
enrolling and provisioning
8.3.1
enrollment
7.2.1
about
8.2
administrator initiated, about
7.2.1
types of enrollment
7.2.1
enrollment process
about
8.2
how Java home is determined during installation
8.4
installing Key Vault client
8.3.2
modify_endpoint_desc command
10.9.4.4
modify_endpoint_email command
10.9.4.5
modify_endpoint_name command
10.9.4.1
modify_endpoint_platform command
10.9.4.3
modify_endpoint_type command
10.9.4.2
modify_wallet_access_ep command
10.9.6.4
modifying details
7.7.2
okvutil utility for provisioning
8.7.1
Oracle Enterprise Manager
8.1
password, changing
8.7.6
provisioning
about
8.2
re_enroll_all command
10.9.3.6
reenrolling
7.2.5.2
procedure
7.2.5.2
removing access to virtual wallet
7.3.2
TDE endpoint management
8.5
endpoint self-enrollment, about
7.2.1
enrolling endpoints
administrator initiated
about
7.2.1
process
8.2
self-initiated
about
7.2.1
Error
Object is Unstorable in Container error
8.7.5
errors
about
10.9.7.1
at command line
10.9.7.2
F
failover
restoring high availability
4.2.4
G
general maintenance
12
granting access to objects or users
2.4.2
granting roles
5.1.3
H
high availability
and Active Data Guard
1.4.5
and restore
4.3.5.3
clusters
4.2.3
configuring
4.2
,
4.2.2
how it works
4.2.1
unconfiguring
4.2.5
with Oracle Key Vault
1.4.5
High Availability
Read-Only Restricted Mode
4.2.6.1.1
I
installation passphrase
3.2
,
A
interfaces
1.5
J
JAVA_HOME environment variable
how determined during client installation
8.4
Java keystores
downloading
8.7.5
,
11.2.3
uploading
8.7.3
,
11.2.2
JKS and JCEKS keystores
archiving
about
11.2.1
best practices
11.2.4
procedure
11.2.2
downloading
best practices
11.2.4
procedure
11.2.3
K
Kerberos keytabs
downloading
8.7.5
Key Administrator role
functions
2.5.3
key rotation
2.3.2
keys
changing state of
6.4
deactivating
6.4.1
,
6.4.2
,
6.4.4
finding for Key Vault
8.7.4
revoking
6.4.3
KMIP Protocol
1.4.9
L
liborapkcs.so file
about
8.3.2
copying to endpoint
8.3.2
list command (okvutil)
8.7.4
LOCAL
backup destinations
4.3.2.1
log file locations
B.3
M
managed content
viewing
12.4.5
management console
3.4
about
1.5
logging in to
3.3
Management Information Base (MIB) variables
12.2.6
management of Oracle Key Vault
12
master encryption keys
See:
persistent master key cache
TDE,
See:
persistent master key cache
modfify_endpoint_group_desc command
10.9.5.5
modify_endpoint_desc command
10.9.4.4
modify_endpoint_email command
10.9.4.5
modify_endpoint_name command
10.9.4.1
modify_endpoint_platform command
10.9.4.3
modify_endpoint_type command
10.9.4.2
modify_wallet_access_ep command
10.9.6.4
modify_wallet_access_epg command
10.9.6.10
,
10.9.6.11
modify_wallet_desc command
10.9.6.2
modifying a user group
5.5.6
monitoring
remote monitoring
12.2.1
SNMP
12.2.1
MySQL integration with Oracle Key Vault
11.9
N
network services
setting
12.4.1
O
OASIS Key Management Interoperability Protocol (KMIP)
Oracle Key Vault implementation of
1.4.9
okvclient.ora file
about
8.6
okvutil utility
about
1.5
changepwd command
8.7.6
download command
8.7.5
list command
8.7.4
syntax
8.7.2
upload command
8.7.3
used to manage endpoints
8.7.1
options for access control
2.4.3
Oracle Active Data Guard
migrating Oracle wallets
11.8.4
TDE direct connections
11.8.3
uploading Oracle wallets to Oracle Key Vault
11.8.1
Oracle Enterprise Manager
endpoints
8.1
TDE integration with Oracle Key Vault
8.1
Oracle Key Vault
administering
12.4
benefits
1.1
endpoint database requirements
3.1.4
endpoint platform
3.1.3
installing
3.2
,
A
other Oracle Database product support
11.4.2
RESTful services
10.1
standards and protocols
1.4.9
system requirements
3.1.1
who should use
1.3
Oracle Key Vault client software
auto-login wallet
8.3.2
installing
8.3.2
password-protected wallet
8.3.2
setting credentials for accessing
8.3.2
Oracle Key Vault configurations
12.4.1
Oracle Key Vault endpoint utility
See:
okvutil utility
about
1.5
Oracle Key Vault features
MySQL integration
1.4.12
Oracle Key Vault interfaces
1.5
Oracle Key Vault keys
finding
8.7.4
Oracle Key Vault management console
3.4
about
1.5
logging in to
3.3
Oracle Key Vault restore
4.3.5
Oracle Key Vault status
viewing
12.4.4
Oracle Key Vault use cases
2.3
Oracle Real Application Clusters
archiving Oracle wallets
11.6
RESTful services
10.1
Oracle wallets
archiving
about
11.1.1
best practices
11.1.4
archiving in Oracle Real Application Clusters environment
11.6
downloading
11.1.3
best practices
11.1.4
restoring from Key Vault wallets
11.4.4.3
uploading
11.1.2
P
passphrases
recovering credentials
12.4.2.1
password-protected wallets
creating for accessing Oracle Key Vault credentials
8.3.2
passwords
changing
5.2
changing endpoint password
8.7.6
how changing works
5.2.1
persistent master key cache
about
11.4.5.1
architecture
11.4.5.2
contents of, listing
11.4.5.6
modes of operation
first mode
11.4.5.3.2
Oracle Key Vault first mode
11.4.5.3.1
Oracle Database deployments
11.4.5.7
PKCS11_CACHE_TIMEOUT parameter
11.4.5.5.1
PKCS11_PERSISTENT_CACHE_FIRST parameter
11.4.5.5.3
PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter
11.4.5.5.4
PKCS11_PERSISTENT_CACHE_TIMEOUT parameter
11.4.5.5.2
PKCS11_CACHE_TIMEOUT parameter
11.4.5.5.1
PKCS11_PERSISTENT_CACHE_FIRST parameter
11.4.5.5.3
PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter
11.4.5.5.4
PKCS11_PERSISTENT_CACHE_TIMEOUT parameter
11.4.5.5.2
power off
12.4.1
power on
12.4.1
primary-standby configuration
changing SNMP settings on standby server
12.2.4
privileges
2.4.1
See also:
access control
R
re_enroll_all command
10.9.3.6
Read-Only Restricted Mode
High Availability
4.2.6.1.1
reboot
12.4.1
recovery passphrase
changing
12.4.2.2
protecting the backup
4.3.4.5
recovering credentials
12.4.2.1
reenrolling endpoints
procedure
7.2.5.2
rekey operation
2.3.2
,
11.1.4
,
11.8.1
remotely monitoring using SNMP
12.2.5
remote monitoring
about
12.2.1
changing settings on standby server
12.2.4
changing user name and password
12.2.3
granting SNMP access to users
12.2.2
reports
viewing
12.7
RESTful administrative commands
create_endpoint
10.9.3.1
error reporting
about
10.9.7.1
error reporting at command line
10.9.7.2
modify_endpoint_platform
10.9.4.3
RESTful services
about
10.1
configuration file
creating
10.3
multitenant environments
10.1
Oracle Real Application Clusters
10.1
RESTful Services
commands
endpoint management
10.9.5
command syntax
10.9.1
,
10.9.2
enabling
10.2
performing
single operation
10.5
restore
4.3.5
restore process
4.3.5.1
about
4.3.5
and high availability
4.3.5.3
restoring Key Vault steps
4.3.5.2
system state after
4.3.5.5
restoring a system
4.3.5.2
restoring high availability after a failover
4.2.4
revoking keys
6.4.3
revoking roles
5.1.3
roles
2.5.3
granting or revoking
5.1.3
rotation of encryption key
11.1.4
S
scheduled backups
4.3.4.1
deleting
4.3.4.3
editing
4.3.4.2
Search bars
3.5.2
searches
how to perform searches in Oracle Key Vault
3.5
searching for items
all items section
6.5.1
security objects
adding details
6.5.2
changing state of
6.4
deactivating keys
6.4.1
,
6.4.2
,
6.4.4
downloading to different types
8.7.5
modifying details of
6.5.2
revoking keys
6.4.3
viewing details of
6.5.2
separation of duties
2.5.2
setting access to wallet
7.6.3
SNMP
about
12.2.1
changing settings on standby server
12.2.4
changing user name and password
12.2.3
example of simplified remote monitoring
12.2.7
granting access to user
12.2.2
Management Information Base (MIB) variables
12.2.6
remotely monitoring Oracle Key Vault
12.2.5
SSH key files
downloading from Key Vault to a wallet
8.7.5
switching primary and secondary nodes
4.2.3
System Administrator role
functions
2.5.3
system recovery
2.5.4
system requirements
3.1.1
system state
after restore
4.3.5.5
T
TDE direct connections
about
11.4.1
configuration for database with existing TDE data
11.4.4.1
configuration for database with no TDE data
11.4.3
use case
2.3.2
TDE intetegration with Oracle Key Vault
Oracle Enterprise Manager
8.1
TDE master keys
centralized management
2.3.2
template
Transparent Data Encryption
endpoint management
8.5
troubleshooting
finding log files
B.3
upgrade errors
B.7
uploading Java keystores
B.4
uploading keystores with same file name but different contents
B.6
uploading the same Oracle wallet multiple times
B.5
types of backups
4.3.3.1
U
upgrades
error handling
B.7
upload command (okvutil)
8.7.3
uploading
Oracle wallets
11.1.1
use cases
2.3
user details
modifying
5.4.1
user details page
5.4.2
user groups
adding a user
5.5.3
creating
5.5.2
deleting
5.5.7
modifying
5.5.6
removing a user
5.5.4
virtual wallet access
5.5.1
users
creating
5.1.2
deleting
5.1.4
removing access to virtual wallets
6.3.3
types of in Oracle Key Vault
5.1.1
V
viewing
managed content status
12.4.5
virtual wallets
about
6.1.1
access for user groups
5.5.1
adding endpoint access to
7.3.1
adding items
6.1.3
creating
6.1.2
deleting
6.1.5
removing access settings from
6.2.3
removing endpoint access to
7.3.2
removing individual access to
6.3.3
removing items
6.1.3
restoring Oracle wallets from
11.4.4.3
W
wallets
add_wallet_access_ep command
10.9.6.3
add_wallet_access_epg command
10.9.6.9
create_wallet command
10.9.6.1
delete_wallet command
10.9.6.6
,
10.9.6.12
downloading from Key Vault to a wallet
8.7.5
drop_wallet_access_ep command
10.9.6.5
modify_wallet_access_ep command
10.9.6.4
modify_wallet_access_epg command
10.9.6.10
,
10.9.6.11
modify_wallet_desc command
10.9.6.2
uploading contents to Key Vault server
8.7.3
Web Access, SSH Access, SNMP Access
12.4.1
Scripting on this page enhances content navigation, but does not change the content in any way.