Index

A  B  C  D  E  F  G  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  

---

A

• about managing 7.5.1
• access control
  • access grants for virtual wallets 2.3.2
  • how configuration works 2.3.1
• access control options 2.3.3
• access grants 2.3.2
• Actions menu 4.8.1
• activate Command 12.7.6.1
• add_attr command 12.7.5.1
• add_custom_attr command 12.7.5.2
• add_epg_member command 12.6.5.1
• add_member command 12.7.7.1
• add_wallet_access_ep command 12.6.6.1
• add_wallet_access_epg command 12.6.6.2
• adding user to user group 7.5.4
• administration users
  • multi-masters clusters effect on 7.1.2.4
• administrative roles
  • about 2.4.1
  • about managing 7.2.1
  • Audit Manager
    • about 2.4.5
  • granting or changing 7.2.2
  • Key Administrator
    • about 2.4.4
  • revoking 7.2.4
  • separation of duty 2.4.2
  • System Administrator
    • about 2.4.3
• alerts 1.5.3
  • about 16.2.1
  • configuring 16.2.2
  • types of 16.2.1
  • viewing open alerts 16.2.3
• all_attr command 12.7.5.3
• appliance automation
  • commands
    • enrollment token management 12.6.3
    • virtual wallet management 12.6.6
• architecture 3.3
• archiving
  • credential files 17.6.1
• auditing
  • about 16.3.1
  • Audit Vault and Database Firewall, consolidating audit records 16.3.6
  • deleting audit records 16.3.5
  • exporting audit records to file 16.3.5
  • multi-master clusters 16.3.3
  • syslog file 16.3.2
  • viewing audit records 16.3.4
• Audit Manager
  • about 2.4.5
• Audit Manager role
  • multi-master cluster effect on 7.1.2.3
• Audit Vault and Database Firewall
  • consolidating audit records 16.3.6
• Automatic Storage Management
  • uploading keystores
    • about 18.4.1
    • copying keystore to 18.4.3
    • procedure 18.4.2

---

B

• backing up data
  • about 13.1
  • best practices 13.6
  • chanding schedule 13.4.2
  • deleting schedule 13.4.3
  • primary-standby deployments 13.4.4
  • recovery passphrase 13.4.5
  • scheduling backup 13.4.1
• backup destinations
  • about 13.2.1
  • changing settings 13.2.3
  • creating remote 13.2.2
  • deleting remote 13.2.4
• backups
  • console certificates 15.2.5
  • protecting with recovery passphrase 13.4.5
  • reports 16.4.5
  • types 13.3.2
• backup scheduling 13.4
  • about 13.3.1
  • types 13.3.2
• benefits
  • centralizing key lifecyle management 1.2
  • centralizing key storage 1.2
  • fighting security threats 1.2

---

C

• candidate nodes 3.4.3.3
• centralized storage
  • Java keystores 1.3.1
  • Oracle wallet files 1.3.1
• centralized storage and management of security objects 1.5.1
• certifcates
  • rotating, about 15.1.1
  • rotating, procedure 15.1.3
  • rotation, checking status 15.1.4
• certificate
  • get_cert command 12.7.4.3
  • reg_cert command 12.7.4.7
• certificates
  • See: console certificates
  • rotating, advice 15.1.2
• changepwd command (okvutil) B.3
• changing a user group description 7.5.7
• check_object_status command 12.6.6.3
• cluster nodes
  • about 3.3.1
  • limitation 3.3.2
• cluster node types
  • about 3.3.7
• clusters
  • creating first node 5.2
  • deleting a node 5.7
  • disabling a node 5.5
  • disabling node replication 5.9.2
  • enabling a node 5.6
  • enabling node replication 5.9.3
  • force deleting a node 5.8
  • management information 5.10
  • monitoring information 5.11
  • read-only, creating 5.3.2
  • read-write pair of nodes, creating 5.3.1
  • read-write pairs of nodes, creating 5.3.3
  • restarting cluster services 5.9.1
  • terminating node pairing 5.4
• cluster size and availability guidance 3.5.1
• cluster subgroup
  • about 3.3.3
• Commercial National Security Algorithm (CNSA)
  • about 14.6.1
  • backup and restore operations 14.6.3
  • running scripts 14.6.2
  • upgrading primary-standby Oracle Key Vault servers 14.6.5
  • upgrading standalone Oracle Key Vault server 14.6.4
• configuration files
  • endpoint configuration file 10.6
• configuration parameters
  • endpoints 9.6.3.1
• configuring a primary-standby deployment 6.1.1
• conflicts in names of objects 5.12.1
• console certificates
  • about managing 15.2.1
  • backup data restored 15.2.5
  • downloading CA request 15.2.2
  • having signed 15.2.3
  • primary-standby environments 15.2.5
  • RESTful services 15.2.5
  • uploading 15.2.4
• controller nodes
  • about 3.4.3.2
• create_endpoint_group command 12.6.5.2
• create_endpoint command 12.6.3.1
• create_key command 12.7.4.1
• create_unique_endpoint_group command 12.6.5.3
• create_unique_endpoint command 12.6.3.2
• create_unique_wallet command 12.6.6.4
• create_wallet command 12.6.6.5
• creating a user group 7.5.3
• creating user accounts 7.1.3
• credential files
  • about archiving and downloading 17.6.1
  • change to content guidance 17.6.4
  • downloading
    • guidance 17.6.4
    • procedure 17.6.3
  • overwriting danger of 17.6.4
  • sharing with multiple endpoints guidance 17.6.4
  • uploading
    • guidance 17.6.4
    • procedure 17.6.2
• critical data 3.3.4

---

D

• dashboard
  • status panes 14.1.3
  • viewing 14.1.2
• data
  • backing up, about 13.1
  • restoring, about 13.1
• Database as a Service
  • about configuring for Key Vault 11.2.1
  • configuring instance 11.2.2
  • creating low privileged user 11.2.3
  • deleting SSH tunnel 11.3.7
  • disabling SSH tunnel 11.3.5
  • enrolling instance as endpoint
    • about 11.4.1
    • installing Oracle Key Vault software onto 11.4.4
    • post-installation tasks 11.4.5
    • preparing environment 11.4.3
    • registering 11.4.2
  • resuming access to Oracle Key Vault 11.7
  • reverse SSH tunnel in multi-master cluster 11.3.2
  • reverse SSH tunnel in primary-standby configuration 11.3.3
  • SSH tunnel between Oracle Key Vault and DBaas instance 11.3.1
  • SSH tunnel not active 11.3.6
  • suspending access to Oracle Key Vault
    • about 11.5.1
    • procedure 11.5.2
  • users
    • low privileged user for DBaaS 11.2.3
  • viewing SSH tunnel details 11.3.4
• del_attr command 12.7.5.4
• del_custom_attr command 12.7.5.5
• del_member command 12.7.7.2
• delete_endpoint_group command 12.6.5.4
• delete_endpoint command 12.6.3.3
• delete_wallet command 12.6.6.6, 12.6.6.15
• deleting user accounts 7.1.5
• deleting user groups 7.5.9
• deployment
  • architecture 2.2
  • overview 1.7
• deployments
  • credential files, archiving and downloading 17.6.1
  • Java keystores, uploading and downloading 17.4.1
  • JKS and JCEKS keystores, archiving and downloading 17.5.1
  • migrating standalone Key Vault server to multi-master cluster 3.4.4.1
  • online master keys for TDE wallets 1.3.2
  • Oracle wallets, uploading and downloading 17.4.1
  • primary-standby to multi-master cluster 3.4.4.2
  • recommendations for 5.13
• deployment scenarios
  • cluster size and availability 3.5.1
  • mid-size cluster 3.5.3
  • two data centers 3.5.3
  • two nodes 3.5.2
• destroy command 12.7.6.2
• diagnostic reports
  • about 16.1.4.1
  • generating file 16.1.4.3
  • installing generation utility 16.1.4.2
  • removing diagnostic generation utility 16.1.4.5
  • removing temp files 16.1.4.4
• diagnostics
  • accessing with okvutil diagnostics B.4
• diagnostics generation utility
  • transaction check error C.9
• disk space, adding 4.5.7
• DNS
  • nodes 14.3.1.4.1
• DNS IP addresses, setting 14.2
• DNS settings
  • multi-master clusters 14.3.2.3
• download command 12.6.3.4
• download command (okvutil) B.5
• downloading
  • credential files 17.6.3
  • JKS and JCEKS keystores 17.5.1, 17.5.3
  • wallets 17.4.3
• downtime, minimizing 14.7
• drop_epg_member command 12.6.5.5
• drop_wallet_access_ep command 12.6.6.7
• DSA keys, removing after upgrade 4.5.8

---

E

• email
  • modify_endpoint_email command 12.6.4.1
• email addresses
  • changing 7.4.1
  • disabling email notifications 7.4.2
• email notification
  • about 16.1.2.1
  • configuring 16.1.2.2
  • disabling 16.1.2.4
  • testing 16.1.2.3
• emergency system recovery 2.5
• endpoint administrators
  • about 2.7
• endpoint database requirements 4.2.4
• endpoint groups
  • access grant to virtual wallet 9.5.4
  • add_epg_member command 12.6.5.1
  • add_wallet_access_epg command 12.6.6.2
  • adding endpoint too 9.5.5
  • create_endpoint_group command 12.6.5.2
  • create_unique_endpoint_group command 12.6.5.3
  • creating 9.5.2
  • delete_endpoint_group command 12.6.5.4
  • deleting 9.5.7
  • drop_epg_member command 12.6.5.5
  • modfify_endpoint_group_desc command 12.6.5.6
  • modify_wallet_access_epg command 12.6.6.8, 12.6.6.13
  • modifying details 9.5.3
  • modifying virtual wallets from Keys & Wallets tab 8.2.3
  • multi-master clusters, effect on 9.5.1
  • removing access to virtual wallets from Keys & Wallets tab 8.2.2
  • removing endpoint 9.5.6
• endpoint node scan lists
  • about 3.6.3
• endpoint platforms, supported 4.2.3
• endpoints 9.5.2
  • See also: endpoint groups
  • about 9.2.5.1
  • about managing 9.1.1
  • add_epg_member command 12.6.5.1
  • adding access to virtual wallet 9.4.1
  • adding to an endpoint group 9.5.5
  • adding using administrator-initiated enrollment 9.2.3
  • adding using self-enrollment 9.2.4
  • adding using self-enrollment, about 9.2.4.1
  • adding using self-enrollment, procedure for 9.2.4.2
  • administrators for 9.1.1
  • alternative for individual 9.2.5.3
  • associating default wallet with 9.3.1
  • configuration file 10.6
  • configuration parameters, about 9.6.3.1
  • configuration parameters, setting 9.6.3.2
  • create_endpoint command 12.6.3.1
  • create_unique_endpoint command 12.6.3.2
  • DBaaS
    • enrolling 11.4.1
    • registering 11.4.1
  • default wallet, setting for 9.3.2
  • delete_endpoint command 12.6.3.3
  • deleting 9.2.5.1, 9.2.5.2, 9.2.5.3
  • details
    • about 9.6.1
    • configuration parameters, about 9.6.3.1
    • configuration parameters, setting 9.6.3.2
    • modifying 9.6.2
  • diagnostics B.4
  • download command 12.6.3.4
  • downloading software 10.2.1
  • drop_epg_member commandd 12.6.5.5
  • drop_wallet_access_ep command 12.6.6.7
  • endpoint node scan lists 3.6.3
  • enrolling and provisioning 10.2.1
  • enrollment
    • about 10.1
    • administrator initiated, about 9.2.1
    • types of enrollment 9.2.1
  • enrollment in multi-master cluster 9.2.2
  • enrollment process
    • about 10.1
  • enrollment types 9.2.1
  • get_enrollment_token command 12.6.3.5
  • guidance on enrolling across deployments 3.5.3
  • installing software for new enrollment 10.2.3
  • Java home, how determined 10.3.1
  • limitiations of TDE endpoint integration 17.1.2
  • modify_endpoint_desc command 12.6.4.2
  • modify_endpoint_email command 12.6.4.1
  • modify_endpoint_name command 12.6.4.3
  • modify_endpoint_platform command 12.6.4.4
  • modify_endpoint_type command 12.6.4.5
  • modifying virtual wallets from Keys & Wallets tab 8.2.3
  • multi-master clusters, effect on 9.1.2
  • nodes available for connection 3.6.3
  • not using Oracle Key Vault client software 10.4
  • okvclient.ora file 10.6
  • okvutil utility for provisioning B.1
  • one or more endpoints 9.2.5.2
  • Oracle Cloud Infrastructure database instance
    • about 11.1
  • password, changing B.3
  • post-installation for new enrollment 10.2.4
  • preparing environment for new enrollment 10.2.2
  • provision command 12.6.3.6
  • provisioning
    • about 10.1
  • re_enroll_all command 12.6.3.8
  • re_enroll command 12.6.3.7
  • reenrolling 9.2.5.5
  • removing access to virtual wallets from Keys & Wallets tab 8.2.2
  • removing from an endpoint group 9.5.6
  • reports 16.4.2
  • revoking access to virtual wallet 9.4.2
  • suspending 9.2.5.4
  • TDE endpoint management 10.5
  • upgrading for enrolled 9.7.2
  • upgrading for unenrolled
    • downloading Oracle Key Vault okvclient.jar software 9.7.1.2
    • installing Oracle Key Vault okvclient.jar software 9.7.1.3
    • post-installation tasks 9.7.1.4
    • preparing environment 9.7.1.1
  • upgrading from unenrolled endpoint 9.7.1
  • wallet items, viewing 9.4.3
• endpoint self-enrollment, about 9.2.1
• enrolling endpoints
  • about 10.1
  • administrator initiated
    • about 9.2.1
  • self-initiated
    • about 9.2.1
• environment variables
  • JAVA_HOME, how determined during client installation 10.3.1
  • OKV_HOME
    • non-database utilities 10.3.3
    • set during installation 10.3.2
  • okvclient.ora location of 10.3.2
  • persistent master encryption key cache 17.3.4
  • sqlnet.ora file 10.3.4
• Error
  • Object is Unstorable in Container error B.5
• errors
  • about 12.6.7.1
  • at command line 12.6.7.2
  • error reporting
    • while running commands from script 12.6.7.3
• EXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 17.3.7.6

---

F

• failovers
  • restoring primary-standby after 6.4
• failover situations
  • read-only restricted mode C.14.1
• FIPS 140–2 2.8
• FIPS-Inside
  • See: FIPS mode
• FIPS mode 2.8
  • disabling 14.3.1.5
  • enabling 14.3.1.5
• FIPS mode, setting 14.2

---

G

• get_attr command 12.7.5.6
• get_cert command 12.7.4.3
• get_default_wallet command 12.6.6.9
• get_enrollment_token command 12.6.3.5
• get_key command 12.7.4.4
• get_object_name command 12.6.6.10
• get_opaque command 12.7.4.5
• get_secret command 12.7.4.6
• get_wallets command 12.6.6.11
• granting access to objects or users 2.3.2

---

I

• initial node
  • creating 5.2
  • creation of 3.4.2
• installation and configuration
  • about 4.1
  • downloading appliance software 4.3.1
  • endpoint database requirements 4.2.4
  • endpoint platform, supported 4.2.3
  • installing appliance software procedure 4.3.2
  • network port requirements 4.2.2
  • post-installation tasks 4.3.3
  • system requirements 4.2.1
• installing appliance software 4.3.2
• interfaces 1.6
  • management console 1.6.1
  • okvutil endpoint utility 1.6.2
  • RESTful services 1.6.3

---

J

• JAVA_HOME environment variable
  • how determined during client installation 10.3.1
  • location determined during installation 10.3.1
• Java keystores
  • downloading B.5
  • uploading B.7
• JKS and JCEKS keystores
  • downloading
    • JKS and JCEKS keystores 17.5.1
    • procedure 17.5.3
  • uploading
    • procedure 17.5.2
• JKS and JCKS keystores
  • change to content guidance 17.5.4
  • downloading
    • guidance 17.5.4
  • overwriting danger of 17.5.4
  • sharing with multiple endpoints guidance 17.5.4
  • uploading
    • guidance 17.5.4

---

K

• Kerberos keytabs
  • downloading B.5
• kernels, removing after upgrade 4.5.6
• key
  • get_key command 12.7.4.4
  • reg_key command 12.7.4.2
• Key Administrator role
  • about 2.4.4
  • multi-master cluster effect on 7.1.2.2
• keyattributes
  • custom, del_custom_attr command 12.7.5.5
• key attributes
  • add_attr command 12.7.5.1
  • all_attr command 12.7.5.3
  • custom, add_custom_attr command 12.7.5.2
  • custom, mod_custom_attr command 12.7.5.9
  • del_attr command 12.7.5.4
  • get_attr command 12.7.5.6
  • list_attr command 12.7.5.7
  • mod_attr command 12.7.5.8
• key lifecycle management 1.5.2
• key rotation 1.3.2
• keys
  • activate Command 12.7.6.1
  • activating 8.4.3
  • create_key command 12.7.4.1
  • deactivating 8.4.4
  • deleting 8.4.6
  • destroy command 12.7.6.2
  • finding for Key Vault B.6
  • get_object_name command 12.6.6.10
  • locate command 12.7.6.3
  • multi-master clusters, effect on 8.4.2
  • query command 12.7.6.5
  • reports 16.4.4
  • revoke command 12.7.6.4
  • revoking 8.4.5
  • state of, managing 8.4.1
• keystores
  • Automatic Storage Management
    • about uploading from 18.4.1
    • copying keystore to 18.4.3
    • procedure for uploading from 18.4.2
• KMIP Protocol 1.5.10

---

L

• list_attr command 12.7.5.7
• list_wallet command 12.7.7.3
• list command (okvutil) B.6
• local backup destinations
  • about 13.2.1
• locate command 12.7.6.3
• log file locations C.3
• logging in to management console 4.4

---

M

• management console
  • about 1.6, 1.6.1
  • logging in to 4.4
  • overview of 4.7
• Management Information Base (MIB) variables 16.1.1.6
• master encryption keys
  • See: persistent master encryption key cache
  • persistent master encryption key cache 1.5.6, 17.3.3
  • TDE,
    • See: persistent master encryption key cache
  • user-defined key as 17.7.1
• maximum disable node duration
  • multi-master clusters 14.3.2.4
• mod_attr command 12.7.5.8
• mod_custom_attr command 12.7.5.9
• modfify_endpoint_group_desc command 12.6.5.6
• modify_endpoint_desc command 12.6.4.2
• modify_endpoint_email command 12.6.4.1
• modify_endpoint_name command 12.6.4.3
• modify_endpoint_platform command 12.6.4.4
• modify_endpoint_type command 12.6.4.5
• modify_wallet_access_ep command 12.6.6.12
• modify_wallet_access_epg command 12.6.6.8, 12.6.6.13
• modify_wallet_desc command 12.6.6.14
• monitoring
  • diagnostic reports 16.1.4.1
  • email notification 16.1.2.1
  • Oracle Audit Vault 16.1.5
  • remote monitoring 16.1.1.1
  • reports 16.4.1
  • SNMP 16.1.1.1
  • syslog configuration 16.1.3
• monitoring information for clusters 5.11
• multi-master clusters 3.3
  • about managing 5.1
  • addition of new server to cluster 3.4.3.3
  • addition of nodes 3.4.3.4
  • administration users, effect on 7.1.2.4
  • auditing 16.3.3
  • Audit Manager role, affect on 7.1.2.3
  • backup and restore operations 13.1
  • benefits 3.2
  • building and managing, about 3.4.1
  • candidate node 3.4.3.3
  • changing recovery passphrase 14.4.4
  • checking upgrade success 4.6.5
  • cluster node 3.3.1
  • cluster subgroup 3.3.3
  • controller node 3.4.3.2
  • critical data 3.3.4
  • difference from primary-standby configuration 6.1.3
  • DNS for individual nodes
    • clearing 14.3.1.4.2
    • setting 14.3.1.4.1
  • DNS settings 14.3.2.3
  • downtime, minimizing 14.7
  • effect on role management 7.2.1
  • endpoint enrollment 9.2.2
  • endpoint groups, effect on 9.5.1
  • endpoints 9.2.2
  • endpoints, effect on 9.1.2
  • expansion of
    • about 3.4.3.1
    • addition of more nodes 3.4.3.4
    • controller node 3.4.3.2
  • FIPS mode for individual nodes, setting 14.3.1.5
  • inconsistency resolution 3.6.1
  • initial node 3.4.2
  • Key Administrator role, effect on 7.1.2.2
  • keys, effect on 8.4.2
  • maximum disable node duration 14.3.2.4
  • mid-size cluster 3.5.3
  • migrating standalone Key Vault server to 3.4.4.1
  • mode types 3.3.7
  • multi-master clusters
    • expansion of
      • candidate nodes 3.4.3.3
  • name conflict resolution 3.6.2
  • network services for individual nodes 14.3.1.2
  • network settings for individual nodes 14.3.1.1
  • node limitations 3.3.2
  • operations permitted on modes 3.3.8
  • Oracle Audit Vault 16.1.5
  • overview 3.1
  • preparation for pre-upgrade 4.6.2
  • pre-upgrade 4.6.3
  • primary-standby to multi-master cluster 3.4.4.2
  • read-only mode 3.3.7
  • read-only node 3.3.6
  • read-only restricted mode 3.3.7
  • read-write mode 3.3.7
  • read-write node 3.3.5
  • reconfiguration changes 3.4.3.2
  • RESTful services enablement 14.3.2.5
  • restore operations 13.5.3
  • reverse SSH tunnels 11.3.2
  • rolling back pre-upgrade 4.6.6
  • security objects, effect on 8.4.2
  • size and availability 3.5.1
  • SNMP settings 14.3.2.7
  • syslog destination
    • clearing 16.1.3.2
    • setting 16.1.3.1
  • syslog settings 14.3.2.6
  • System Administrator role, effect on 7.1.2.1
  • system settings
    • about 14.3.2.1
  • system settings for individual nodes 14.3.1
  • system time for individual nodes
    • clearing 14.3.1.3.2
    • setting 14.3.1.3.1
  • system users, effect on 7.1.2.5
  • time settings 14.3.2.2
  • two data centers 3.5.3
  • two nodes 3.5.2
  • upgrade, about 4.6.1
  • upgrading each node 4.6.4
  • user accounts, effect on 7.1.2
  • user groups, changing description 7.5.7
  • user groups, creating in 7.5.3
  • user groups, deleting 7.5.9
  • user groups, effect on 7.5.2
  • user groups, removing users from 7.5.8
  • user groups, renaming 7.5.6
  • users, effect on 7.1.2.4
  • virtual wallet user access to 7.2.3
• MySQL integration with Oracle Key Vault 18.5

---

N

• naming conflicts
  • about 5.12.1
  • accepting suggested name 5.12.4
  • changing suggested name 5.12.3
  • finding 5.12.2
• network port requirements 4.2.2
• network services
  • setting 14.2
• nodes
  • creating first node 5.2
  • deleting 5.7
  • disabling 5.5
  • disabling replication 5.9.2
  • enabling 5.6
  • enabling replication 5.9.3
  • force deleting 5.8
  • restarting cluster services for 5.9.1
  • terminating pairing of 5.4

---

O

• OASIS Key Management Interoperability Protocol (KMIP)
  • Oracle Key Vault implementation of 1.5.10
• OKV_HOME environment variable
  • non-database utilities 10.3.3
• okvclient.jar
  • downloading for installation on endpoint 10.2.1
• okvclient.ora file
  • about 10.6
• okvutil utility
  • about 1.6, 1.6.2
  • changepwd command B.3
  • diagnostics command B.4
  • download command B.5
  • list command B.6
  • syntax B.2
  • upload command B.7
  • used to manage endpoints B.1
• online master keys
  • about using with Oracle Key Vault 1.3.2
  • centralized management of TDE keys 1.3.2
  • Oracle Data Guard connection 18.3.3
  • Oracle GoldenGate 18.2.2
• opaque
  • get_opaque command 12.7.4.5
  • reg_opaque command 12.7.4.8
• operations, restrictions and conditions of A
• options for access control 2.3.3
• Oracle Active Data Guard
  • support for data moves 18.6
• Oracle Audit Vault
  • integration for node 16.1.5
• Oracle Audit Vault and Database Firewall
  • enabling integration in System Settings page 14.2
• Oracle Cloud Infrastructure database instance endpoints
  • about 11.1
• Oracle Data Guard
  • migrating Oracle wallets 18.3.4
  • online master keys connection 18.3.3
  • reverse migrating wallets 18.3.5
  • uploading wallets to Oracle Key Vault 18.3.1
• Oracle Data Pump support for data moves 18.6
• Oracle GoldenGate
  • online master keys with
    • about 18.2.2
  • TDE wallet migration
    • about 18.2.3
  • wallets used with 18.2.1
• Oracle Key Vault
  • administering cluster environments 14.3
  • benefits 1.2
  • deployment architecture 2.2
  • deployment overview 1.7
  • key management, about 1.1
  • RESTful services 12.1
  • standards and protocols 1.5.10
  • system settings in non-multi-master cluster environment 14.2
  • who should use 1.4
• Oracle Key Vault client software
  • endpoints not using 10.4
• Oracle Key Vault concepts 2.1
• Oracle Key Vault endpoint utility
  • See: okvutil utility
  • about 1.6, 1.6.2
• Oracle Key Vault features
  • ASM cluster file system encryption key management 1.5.14
  • audit and monitoring services, external support for 1.5.12
  • backup and restore support for security objects 1.5.7
  • centralized storage and management of security objects 1.5.1, 1.5.10
  • database release and platform support 1.5.11
  • DBaaS endpoint support 1.5.15
  • endpoint enrollment, automatic using RESTful services 1.5.8
  • HSM integration 1.5.16
  • key lifecycle management 1.5.2
  • MySQL integration 1.5.13
  • persistent master encryption key cache 1.5.6
  • primary-standby environment support 1.5.5, 14.5
  • reporting and alerts 1.5.3
  • RESTful service support for key management 1.5.9
  • separation of duties 1.5.4
• Oracle Key Vault general system administration
  • about 14.1.1
• Oracle Key Vault interfaces 1.6, 1.6.2
  • management console 1.6.1
  • RESTful services 1.6.3
• Oracle Key Vault keys
  • finding B.6
• Oracle Key Vault maintenance
  • dashboard 14.1.2
  • system settings 14.3.1
• Oracle Key Vault management console
  • about 1.6
  • overview of 4.7
• Oracle Key Vault Multi-Master Cluster A
• Oracle Key Vault status
  • viewing 14.1.2
• Oracle Key Vault use cases 1.3
• Oracle Real Application Clusters
  • RESTful services 12.1
  • support for data moves 18.6
  • wallets 18.1
• Oracle Recovery Manager (RMAN) support for data moves 18.6
• Oracle wallets
  • downloading
    • about 17.4.1
  • uploading
    • about 17.4.1

---

P

• passphrases 14.4.1
  • See also: passwords
  • changing in clusters environment 14.4.4
  • changing in non-clusters environment 14.4.3
  • recovering credentials 14.4.2
  • recovering system 14.4.1
• passwords 14.4.1
  • See also: passphrases
  • about changing 7.3.1, 7.3.3
  • changing endpoint password B.3
  • changing operating system passwords 7.3.3.3
  • changing password automatically 7.3.3.2
  • changing password manually 7.3.3.1
  • changing your own 7.3.2
  • controlling manual password reset operations, about 7.3.4.1
  • controlling manual password reset operations, configuration 7.3.4.2
• persistent master encryption key cache
  • about 17.3.1
  • architecture 17.3.2
  • caching master encryption keys in-memory 17.3.3
  • contents of, listing 17.3.8
  • environment variables, importance of setting 17.3.4
  • modes of operation
    • first mode 17.3.5.2
    • Oracle Key Vault first mode 17.3.5.1
  • Oracle Database deployments 17.3.9
  • PEXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 17.3.7.6
  • PKCS11_CACHE_TIMEOUT parameter 17.3.7.1
  • PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 17.3.7.4
  • PKCS11_PERSISTENT_CACHE_FIRST parameter 17.3.7.3
  • PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 17.3.7.5
  • PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 17.3.7.2
  • refresh window 17.3.6
  • storage location 17.3.4
• PKCS11_CACHE_TIMEOUT parameter 17.3.7.1
• PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 17.3.7.4
• PKCS11_PERSISTENT_CACHE_FIRST parameter 17.3.7.3
• PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 17.3.7.5
• PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 17.3.7.2
• post-installation tasks 4.3.3
• primary servers
  • role in primary-standby configuration 6.1.4
• primary-standby
  • restore operations 13.5.4
• primary-standby configuration
  • about 6.1.1
  • benefits 6.1.2
  • best practices 6.7
  • changing SNMP settings on standby server 16.1.1.4
  • checking TDE wallet migration for logical standby 18.3.7
  • configuring primary server 6.2.1
  • configuring standby server 6.2.2
  • difference from multi-master clusters 6.1.3
  • disabling 6.5
  • downtime, minimizing 14.7
  • enabling primary-standby on primary 6.2.3
  • migrating TDE wallets to Oracle Key Vault for standby 18.3.6
  • persistent master encryption key cache
    • downtime, minimizing 14.7
  • primary server
    • configuring 6.2.1
    • enabling for primary-standby 6.2.3
  • primary server role 6.1.4
  • read-only restricted mode
    • downtime, minimizing 14.7
  • read-only restricted mode, disabling 6.6.6
  • read-only restricted mode, enabling 6.6.5
  • read-only restricted mode, recovering from 6.6.7
  • read-only restricted mode disabled 6.6.3
  • read-only restricted mode enabled 6.6.2
  • read-only restricted mode impact 6.6.1
  • read-only restricted mode state during network failure 6.6.4.4
  • read-only restricted mode state during primary server failure 6.6.4.2
  • read-only restricted mode state during standby server failure 6.6.4.3
  • read-only restricted mode states 6.6.4.1
  • restoring primary-standby after 6.4
  • reverse SSH tunnels 11.3.3
  • standby server
    • configuring 6.2.2
  • standby server role 6.1.5
  • switching servers 6.3
  • unpairing 6.5
• primary-standby environments
  • console certificates 15.2.5
• primary-standby server
  • moving to multi-master cluster 3.4.4.2
• privileges 2.3.1
  • See also: access control
  • access control options 2.3.3
  • access grants for virtual wallets 2.3.2
  • RESTful services 12.2
• provision command 12.6.3.6

---

Q

• query command 12.7.6.5

---

R

• re_enroll_all command 12.6.3.8
• re_enroll command 12.6.3.7
• read-only mode
  • about 3.3.7
• read-only nodes
  • about 3.3.6
  • creating 5.3.2
• read-only restricted mode
  • about 3.3.7
  • disabling 6.6.6
  • enabling 6.6.5
  • failover, planned shutdown in standby server C.14.2.3, C.14.3.3
  • failover, planned shutdown of primary server during upgrade C.14.2.1, C.14.3.1
  • failover, planned shutodwn on primary server during maintenance C.14.2.2, C.14.3.2
  • failover, unplanned shutdown in primary server C.14.2.4, C.14.3.4
  • failover, unplanned shutdown in standby server C.14.2.5, C.14.3.5
  • notifications 6.6.8
  • primary-standby configuration, impact on 6.6.1
  • primary-standby configuration without read-only restricted mode enabled 6.6.3
  • primary-standby configuration with read-only restricted mode enabled 6.6.2
  • recovering primary-standby 6.6.7
• read-only restricted mode states
  • network failure in primary-standby configuration 6.6.4.4
  • primary server failure 6.6.4.2
  • primary-standby configuration 6.6.4.1
  • standby server failure 6.6.4.3
• read-write mode
  • about 3.3.7
• read-write nodes
  • about 3.3.5
• read-write pair of nodes
  • creating 5.3.1
• read-write pairs of nodes
  • creating additional 5.3.3
• recovery passphrase
  • about recovering 14.4.1
  • changing in clusters environment 14.4.4
  • changing in non-clusters environment 14.4.3
  • protecting the backup 13.4.5
  • recovering credentials 14.4.2
• reg_cert command 12.7.4.7
• reg_key command 12.7.4.2
• reg_opaque command 12.7.4.8
• reg_secret command 12.7.4.9
• rekey operation 1.3.2
• remote backup destination
  • about 13.2.1
• remote backup destinations
  • changing settings 13.2.3
  • creating 13.2.2
  • deleting 13.2.4
• remotely monitoring using SNMP 16.1.1.5
• remote monitoring
  • about 16.1.1.1
  • changing settings on standby server 16.1.1.4
  • changing user name and password 16.1.1.3
  • granting SNMP access to users 16.1.1.2
• removing user from a user group 7.5.8
• renaming a user group 7.5.6
• reporting 1.5.3
• reports
  • about 16.4.1
  • endpoint reports 16.4.2
  • keys reports 16.4.4
  • notification report 16.4.5
  • system reports 16.4.5
  • user reports 16.4.3
  • wallets reports 16.4.4
• restarting Oracle Key Vault 14.2
• RESTful administrative commands
  • add_epg_member 12.6.5.1
  • add_wallet_access_ep 12.6.6.1
  • add_wallet_access_epg 12.6.6.2
  • check_object_status 12.6.6.3
  • check_unique_wallet 12.6.6.4
  • create_endpoint 12.6.3.1
  • create_endpoint_group 12.6.5.2, 12.6.5.3
  • create_unique_endpoint 12.6.3.2
  • create_wallet 12.6.6.5
  • delete_endpoint_group 12.6.5.4
  • delete_unique_endpoint 12.6.3.3
  • delete_wallet 12.6.6.6
  • download 12.6.3.4
  • drop_epg_member 12.6.5.5
  • drop_wallet_access_ep 12.6.6.7
  • drop_wallet_access_epg 12.6.6.8
  • error reporting
    • about 12.6.7.1
    • while running commands from script 12.6.7.3
  • error reporting at command line 12.6.7.2
  • get_default_wallet 12.6.6.9
  • get_enrollment_token 12.6.3.5
  • get_object_name 12.6.6.10
  • get_wallets 12.6.6.11
  • help information 12.6.8
  • modify_endpoint_desc 12.6.4.2
  • modify_endpoint_email 12.6.4.1
  • modify_endpoint_group_desc 12.6.5.6
  • modify_endpoint_name 12.6.4.3
  • modify_endpoint_platform 12.6.4.4
  • modify_endpoint_type 12.6.4.5
  • modify_wallet_access_ep 12.6.6.12
  • modify_wallet_access_epg 12.6.6.13
  • modify_wallet_desc 12.6.6.14
  • mset_default_wallet 12.6.6.15
  • provision 12.6.3.6
• RESTful APIs
  • reports 16.4.5
• RESTful key management commands
  • about 12.7.1, 12.7.6.5
  • activate 12.7.6.1
  • add_attr 12.7.5.1
  • add_custom_attr 12.7.5.2
  • add_member 12.7.7.1
  • all_attr 12.7.5.3
  • commands listed 12.7.3
  • create_key 12.7.4.1
  • del_attr 12.7.5.4
  • del_cust_attr 12.7.5.5
  • del_member 12.7.7.2
  • destroy 12.7.6.2
  • get_attr 12.7.5.6
  • get_cert 12.7.4.3
  • get_key 12.7.4.4
  • get_opaque 12.7.4.5
  • get_secret 12.7.4.6
  • list_attr 12.7.5.7
  • list_wallet 12.7.7.3
  • locate 12.7.6.3
  • mod_attr 12.7.5.8
  • mod_custom_attr 12.7.5.9
  • privileges required 12.7.1
  • reg_cert 12.7.4.7
  • reg_key 12.7.4.2
  • reg_opaque 12.7.4.8
  • reg_secret 12.7.4.9
  • revoke 12.7.6.4
  • usage 12.7.2
• RESTful services
  • about 1.6.3, 12.1
  • command syntax 12.6.2
    • administrative commands 12.6.1
  • configuration file
    • about 12.4.1
    • creating 12.4.3
    • creation guidelines 12.4.2
    • examples 12.4.4
    • executing multiple commands in script 12.4.6
    • executing single command 12.4.5
  • console certificates 15.2.5
  • disabling 12.5
  • downloading software utility 12.3.4
  • enabling network services 12.3.2
  • enabling RESTful services 12.3.3
  • multi-master clusters, enablement 14.3.2.5
  • multitenant environments 12.1
  • Oracle Real Application Clusters 12.1
  • privileges 12.2
  • system requirements 12.3.1
• RESTful Services
  • commands
    • endpoint management 12.6.5
  • enabling 12.3
• restoring data
  • about 13.5.1
  • best practices 13.6
  • multi-master clusters 13.5.3
  • primary-standby deployment 13.5.4
  • procedure 13.5.2
  • system state after 13.5.6
  • third-party certificates 13.5.5
• revoke command 12.7.6.4
• roles
  • about 2.4.1
• Roots of Trust (RoT) 1.5.16
• root user
  • about 2.6

---

S

• search bars 4.8.2
• searches
  • how to perform searches in Oracle Key Vault management console 4.8
• secret
  • get_secret command 12.7.4.6
  • reg_secret command 12.7.4.9
• secure user management 7.3.4.1
• security objects
  • activating 8.4.3
  • adding to virtual wallets 8.1.3
  • deactivating 8.4.4
  • deleting 8.4.6
  • details of, about 8.5.1
  • downloading to different types B.5
  • modifying details of 8.5.4
  • multi-master clusters, effect on 8.4.2
  • removing from virtual wallets 8.1.4
  • revoking 8.4.5
  • searching for object items 8.5.2
  • state of, managing 8.4.1
  • viewing details of 8.5.3
  • virtual wallets, creating for 8.1.2
• self-enrollment, for endpoints 9.2.4.1
• separation of duties 1.5.4
  • how Oracle Key Vault manages 2.4.2
  • users 7.1.1
• shutting down Oracle Key Vault 14.2
• SNMP
  • about 16.1.1.1
  • changing settings on standby server 16.1.1.4
  • changing user name and password 16.1.1.3
  • example of simplified remote monitoring 16.1.1.7
  • granting access to user 16.1.1.2
  • Management Information Base (MIB) variables 16.1.1.6
  • remotely monitoring Oracle Key Vault 16.1.1.5
• SNMP settings
  • multi-master clusters 14.3.2.7
• split-brain scenarios 6.1.1
• sqlnet.ora file
  • environment variables and 10.3.4
• SSH access, setting 14.2
• SSH key files
  • downloading from Key Vault to a wallet B.5
• SSH tunnels
  • creating between Oracle Key Vault and DBaas instance 11.3.1
  • deleting 11.3.7
  • disabling 11.3.5
  • multi-master clusters 11.3.5, 11.3.6, 11.3.7
  • not active 11.3.6
  • reverse SSH tunnel in multi-master cluster 11.3.2
  • reverse SSH tunnel in primary-standby configuration 11.3.3
  • viewing details 11.3.4
• standby servers
  • role in primary-standby configuration 6.1.5
• support user
  • about 2.6
• swap space, extending 4.5.7
• syslog, setting 14.2
• syslog configuration
  • audit records 16.3.2
  • destination
    • clearing 16.1.3.2
    • setting 16.1.3.1
• syslog settings
  • multi-master clusters 14.3.2.6
• System Administrator role
  • about 2.4.3
  • multi-master cluster effect on 7.1.2.1
• system diagnostics
  • See: diagnostic reports
• system recovery 2.5, 14.4.1
• system requirements 4.2.1
• system time, setting 14.2
• system users
  • multi-master cluster effect on 7.1.2.5

---

T

• TDE direct connect
  • See: online master keys
• TDE-enabled databases
  • about configuring Key Vault for 17.1.1
  • configuring environment for 17.1.3
  • integrating TDE with Key Vault 17.1.4
  • limitations of TDE endpoint integration 17.1.2
• TDE master encryption keys
  • centralized management 1.3.2
• TDE wallets
  • Oracle GoldenGate 18.2.3
• third-party certificates
  • restoring data 13.5.5
• time, clearing for node 14.3.1.3.2
• time, setting for node 14.3.1.3.1
• time settings
  • multi-master clusters 14.3.2.2
• Transparent Data Encryption 17.1.1
  • See also: TDE-enabled databases
  • downtime, minimizing for TDE heartbeat 14.7
  • endpoint management 10.5
• transportable tablespaces support for data moves 18.6
• troubleshooting
  • finding log files C.3
  • upgrade errors C.7
  • uploading Java keystores C.4
  • uploading keystores with same file name but different contents C.6
  • uploading the same Oracle wallet multiple times C.5
• types of backups 13.3.2

---

U

• upgrades
  • error handling C.7
• upgrading
  • backing up
    • Oracle Key Vault server 4.5.9
  • backing up upgraded Oracle Key Vault server 4.5.9
  • endpoint software 4.5.5
  • Oracle Key Vault pair
    • about 4.5.4.1
    • procedure 4.5.4.3
  • Oracle Key Vault standalone
    • about 4.5.4.1
    • procedure 4.5.4.2
  • removing DSA keys 4.5.8
  • removing old kernels 4.5.6
• upgrading endpoint software
  • unenrolled endpoint 9.7.1
• upgrading multi-master cluster nodes
  • about 4.6.1
  • checking upgrade success 4.6.5
  • pre-upgrading 4.6.3
  • pre-upgrading preparation 4.6.2
  • rolling back pre-upgrade script 4.6.6
  • upgrading each node 4.6.4
• upgrading standalone or primary-server
  • about 4.5.1
• upload command (okvutil) B.7
• uploading
  • credential files 17.6.2
  • JKS and JCEKS keystores 17.5.1, 17.5.2
  • wallets 17.4.2
  • wallet to Oracle RAC 18.1
• use cases 1.3
  • centralized storage 1.3.1
  • key rotation 1.3.2
  • online management of keys and secret data 1.3.4
  • storage of credential files 1.3.3
• user accounts
  • multi-master clusters, effect on 7.1.2
• user-defined keys
  • about 17.7.1
  • activating 17.7.3
  • uploading to Oracle Key Vault 17.7.2
• user groups 7.5.1
  • adding a user 7.5.4
  • changing description 7.5.7
  • creating 7.5.3
  • deleting 7.5.9
  • granting access to virtual wallet 7.5.5
  • modifying virtual wallets from Keys & Wallets tab 8.2.3
  • multi-master clusters, effect on 7.5.2
  • removing access to virtual wallets from Keys & Wallets tab 8.2.2
  • removing access to virtual wallets from User's tab 8.3.3
  • removing user from 7.5.8
  • renaming 7.5.6
  • revoking access to virtual wallets 8.3.4
• users 7.5.1
  • See also: user groups
  • about changing password 7.3.3
  • about user accounts 7.1.1
  • administrative roles, about 7.2.1
  • administrative roles, granting or changing 7.2.2
  • administrative roles, revoking 7.2.4
  • administrator roles 2.4.1
  • changing operating system passwords 7.3.3.3
  • changing own password 7.3.2
  • changing password automatically 7.3.3.2
  • changing password manually 7.3.3.1
  • changing passwords, about 7.3.1
  • changing user email address 7.4.1
  • controlling manual password reset operations, about 7.3.4.1
  • controlling manual password reset operations, configuration 7.3.4.2
  • creating accounts 7.1.3
  • deleting accounts 7.1.5
  • disabling email notifications 7.4.2
  • endpoint administrators
    • about 2.7
  • granting access to virtual wallet 7.2.3
  • modifying virtual wallets from Keys & Wallets tab 8.2.3
  • multi-master cluster effect on 7.1.2.4
  • removing access to virtual wallets from Keys & Wallets tab 8.2.2
  • removing access to virtual wallets from User's tab 8.3.2
  • reports 16.4.3
  • root user
    • about 2.6
  • support user
    • about 2.6
  • view account details 7.1.4

---

V

• viewing user account details 7.1.4
• virtual wallets
  • about 8.1.1
  • access management from Keys and Wallets tab 8.2.1
  • adding endpoint access to 9.4.1
  • adding security objects to 8.1.3
  • creating 8.1.2
  • deleting 8.1.5
  • endpoint group access grant 9.5.4
  • granting access to from Keys & Wallets tab 8.2.2
  • granting access to from Users tab 8.3.1
  • granting user access to 7.2.3, 7.5.5
  • granting user group access to from User's tab 8.3.3
  • modifying from Keys & Wallets tab 8.2.3
  • removing security objects from 8.1.4
  • removing user access to from Users tab 8.3.2
  • revoking endpoint access 9.4.2
  • revoking user group access from 8.3.4

---

W

• wallets
  • add_member command 12.7.7.1
  • add_wallet_access_ep command 12.6.6.1
  • add_wallet_access_epg command 12.6.6.2
  • check_object_status command 12.6.6.3
  • checking TDE wallet migration for logical standby
    • about 18.3.7
  • create_unique_wallet command 12.6.6.4
  • create_wallet command 12.6.6.5
  • del_member command 12.7.7.2
  • delete_wallet command 12.6.6.6, 12.6.6.15
  • downloading
    • guidance 17.4.4
    • procedure 17.4.3
  • downloading from Key Vault to a wallet B.5
  • drop_wallet_access_ep command 12.6.6.7
  • endpoint group access grant 9.5.4
  • endpoints, associating 9.3.1
  • endpoints, viewing wallet items for 9.4.3
  • get_default_wallet command 12.6.6.9
  • get_wallets command 12.6.6.11
  • key rotation guidance 17.4.4
  • list_wallet command 12.7.7.3
  • migrating existing TDE wallet to Key Vault
    • about 17.2.1
    • procedure 17.2.2
  • migrating TDE to Key Vault for logical standby database
    • about 18.3.6
  • migrating to Oracle Data Guard 18.3.4
  • modify_wallet_access_ep command 12.6.6.12
  • modify_wallet_access_epg command 12.6.6.8, 12.6.6.13
  • modify_wallet_desc command 12.6.6.14
  • Oracle GoldenGate use with 18.2.1
  • Oracle Real Application Clusters environment 18.1
  • overwriting danger of 17.4.4
  • reports 16.4.4
  • restoring database contents previously encrypted by TDE
    • about 17.2.3
  • reverse migrating in Oracle Data Guard
    • about 18.3.5
  • setting default for endpoint 9.3.2
  • sharing with multiple endpoints guidance 17.4.4
  • uploading
    • guidance 17.4.4
    • procedure 17.4.2
  • uploading contents to Key Vault server B.7
  • uploading in Oracle Data Guard
    • about 18.3.1
    • procedure 18.3.2
• Web access, setting 14.2