Audit Manager

An administrator role that enables a user to manage audit lifecycle and policies and to separate the role of auditing from managing the appliance.

auto-login wallet

A wallet that does not require a password. An auto-login wallet is stored in a cwallet.sso file. It is a type of Oracle wallet file.

credential file

A file containing security objects that is stored as a single opaque object within Oracle Key Vault.

default wallet

A wallet that automatically includes every key an endpoint creates.


Databases and other systems that store security objects, such as keys, in Oracle Key Vault.

endpoint administrator

A user who is responsible for the server being configured as an endpoint. This user does not have privileges to log in to the Oracle Key Vault management console.

endpoint group

A group of endpoints that can share access to the same security objects.

Java keystore file

A file that can hold multiple security objects such as keys and certificates.

Key Administrator

An administrator role that enables a user to handle all key-related functions.

Management Information Base (MIB)

See MIB.

master encryption key

See TDE master encryption key.


In an SNMP configuration, a text file that describes the variables that contain the information that SNMP can access. The variables described in a MIB, which are also called MIB objects, are the items that can be monitored using SNMP. There is one MIB for each element being monitored.

opaque object

A security object that cannot be interpreted by Oracle Key Vault.

Oracle wallet file

A file that can hold multiple security objects such as keys and certificates. It uses the PKCS#12 cryptographic standard.

Oracle wallets, created for Oracle software, can be managed by Oracle Key Vault. You upload and download Oracle wallets to and from Key Vault by using the okvutil upload and okvutil download commands. Oracle wallet files can be protected by a password or they can be accessible without a password, in which case they are called auto-login wallets.

See also auto-login wallet, password-protected wallet.

password-protected wallet

An encrypted wallet that has a user-defined password. It is a type of an Oracle wallet file. A password-protected wallet is stored in an ewallet.p12 file.

PKCS#11 library

A library that allows an Oracle TDE database to connect to Oracle Key Vault to manage the master keys.

security objects

Objects managed by Oracle Key Vault for security, including passwords, keys, certificates, and credentials.

software appliance

A self-contained preconfigured product that can be installed on supported hardware dedicated for a specific purpose.

System Administrator

An administrator role that enables a user to manage Oracle Key Vault but not necessarily any of the keys stored there.

TDE master encryption key

A key that encrypts the data encryption keys for tables and tablespaces.


A collection of attributes for security objects. When a security object is created using a template, the attributes in the template are automatically assigned to the new object.


Within the context of this guide, users represent administrators, auditors, or users who have no roles that use the management console to manage the appliance and the security objects stored within.

virtual wallet

A container for security objects in Oracle Key Vault. These objects can be associated with each other, and typically include public and private keys, TDE master encryption keys, passwords, credentials, and certificates. You manage these objects within the Key Vault management console.