Glossary

Audit Manager

An administrator role that enables a user to manage audit lifecycle and policies and to separate the role of auditing from managing the appliance.

auto-login wallet

An Oracle wallet file that can be accessed without a password. An auto-login wallet is stored in a cwallet.sso file.

credential file

A file containing sensitive information like user IDs, passwords, and keys. The file is stored as an opaque object, which means that its individual contents are not interpreted by Key Vault. The entire file is uploaded and downloaded as an object.

See also security objects.

default wallet

A special virtual wallet that is associated with an endpoint, where all the endpoint's security objects can be automatically uploaded.

endpoint

Computer systems like database servers, application servers, and other information systems, where keys and credentials are used to access encrypted data and other systems.

endpoint administrator

Owner of an endpoint. They are typically system, security, or database administrators, but they can be any personnel charged with deploying, managing and maintaining security within an enterprise. They are responsible for enrolling endpoints and controlling endpoint access to security objects.

endpoint group

A group of endpoints created to share a set of security objects.

JAVA_HOME

JAVA_HOME corresponds to the location of Java files (JDK/JRE) in the system. This allows Java applications to look up the JAVA_HOME variable in order to run.

Java keystore file

A file that can hold multiple security objects such as keys and certificates.

Key Administrator

An administrator role that enables a user to manage the key lifecycle and control access to all security objects within Key Vault.

keystore

A generalized term for a container that stores encryption keys including but not limited to TDE encryption keys.

Management Information Base (MIB)

See MIB.

master encryption key

See TDE master encryption key.

MIB

In an SNMP configuration, a text file that describes the variables that contain the information that SNMP can access. The variables described in a MIB, which are also called MIB objects, are the items that can be monitored using SNMP. There is one MIB for each element being monitored.

OKV_HOME

Corresponds to the environment in which Oracle Key Vault endpoint software will reside. It contains subdirectories for endpoint software like the configuration files, log files, libraries, binaries, and other files needed by the endpoint software utility.

opaque object

A security object that cannot be interpreted by Oracle Key Vault.

Oracle wallet file

An Oracle wallet file is a container that can hold multiple security objects such as keys and certificates. It uses the PKCS#12 cryptographic standard.

Oracle wallets can be managed by Key Vault just like other security objects. They can be encrypted and protected with a password or not. An Oracle wallet that can be accessed without a password is called an auto-login wallet.

See also auto-login wallet, password-protected wallet.

ORACLE_BASE

ORACLE_BASE is the root of the Oracle Database directory tree. The Oracle Base directory is the top level directory that you can use to install the various Oracle software products. You can use the same Oracle base directory for multiple installations. For example, /u01/app/oracle is an Oracle base directory created by the oracle user.

ORACLE_HOME

The directory path to install Oracle components (for example, /u01/app/oracle/product/12.1.0/db_n). You are prompted to enter an Oracle home in the Path field of the Specify File Locations window.

Corresponds to the environment in which Oracle Database products run. If you install an OFA-compliant database, using Oracle Universal Installer defaults, Oracle home (known as $ORACLE_HOME in this guide) is located beneath $ORACLE_BASE. The default Oracle home is db_n where n is the Oracle home number. It contains subdirectories for Oracle Database software executables and network files.

ORACLE_SID

The Oracle System ID (SID) is used to uniquely identify a particular database on a system. For this reason, one cannot have more than one database with the same SID on a computer system.

When using RAC, all instances belonging to the same database must have a unique SID.

oraenv

oraenv and coraenv are Unix/Linux command line utilities that set the required environment variables (ORACLE_SID, ORACLE_HOME and PATH) to allow a user to connect to a given database instance. If these environment variables are not set, commands such as SQL*Plus, imp, and exp will not work (or will not be found).

Use coraenv when using the C Shell and oraenv when using a Bourne, Korn or Bash shell.

password-protected wallet

An encrypted Oracle wallet, protected by a user-defined password, that is stored in an ewallet.p12 file.

PKCS#11 library

A library that allows an Oracle TDE database to connect to Oracle Key Vault to manage the master keys.

security objects

Security objects can be public and private encryption keys, Oracle wallets, Java keystores, Java Cryptography Extension keystores, certificates, and credential files.

software appliance

A self-contained preconfigured product that can be installed on supported hardware dedicated for a specific purpose.

sqlnet.ora file

The sqlnet.ora file resides in $ORACLE_HOME/network/admin. It is a configuration file for the client or server that specifies the:

  • Client domain to append to unqualified service names or net service names

  • Order of naming methods for the client to use when resolving a name

  • Logging and tracing features to use

  • Route of connections

  • External naming parameters

  • Oracle Advanced Security parameters

System Administrator

An administrator role that enables a user to create users, endpoints and their respective groups, configure system settings and alerts, and generally administer Oracle Key Vault.

TDE master encryption key

A key that encrypts the data encryption keys for tables and tablespaces.

template

A collection of attributes for security objects. When a security object is created using a template, the attributes in the template are automatically assigned to the new object.

users

Users can be administrators, auditors, or ordinary users with no administrative roles.

virtual wallet

A container for security objects like public and private encryption keys, TDE master encryption keys, passwords, credentials, and certificates in Oracle Key Vault. The main purpose of a virtual wallet is to enable sharing of keys among endpoints.