3 Commands Used in Previous Versions of Oracle Key Vault

The commands reference details commands used in Oracle Key Vault 12.2.0.5.0 and earlier.

• Enabling an HSM in a Primary-Standby Pre-Release 12.2 Oracle Key Vault Installation
  You can use SSH to enable an HSM in a primary-standby Oracle Key Vault installation on release 12.2.0.5.0 and earlier.
• Enabling the HSM_ENABLED Parameter in the Pre-Release 12.2 okv_security.conf File
  You can enable an HSM in a high availability Oracle Key Vault 12.2.0.5.0 and earlier installation.

3.1 Enabling an HSM in a Primary-Standby Pre-Release 12.2 Oracle Key Vault Installation

You can use SSH to enable an HSM in a primary-standby Oracle Key Vault installation on release 12.2.0.5.0 and earlier.

While performing the procedure HSM in a Primary-Standby Oracle Key Vault Installation under Vendor Specific Notes for nCipher on Oracle Key Vault 12.2.0.5.0 and earlier, use the following commands:

1. Perform the following manual steps on the intended primary as user oracle:

   $ ssh support@okv_primary_instance_IP_address
   $ su root
   root# su oracle
   oracle$ cd /usr/local/okv/hsm/wallet
   oracle$ scp cwallet.sso support@okv_standby_instance_IP_address:/tmp
   oracle$ scp enctdepwd support@okv_standby_instance_IP_address:/tmp

2. Perform the following manual steps on the intended standby as user root:

   $ ssh support@okv_standby_instance_IP_address
   $ su root
   root# cd /usr/local/okv/hsm/wallet
   root# mv /tmp/enctdepwd .
   root# mv /tmp/cwallet.sso .
   root# chown oracle *
   root# chgrp oinstall *

3.2 Enabling the HSM_ENABLED Parameter in the Pre-Release 12.2 okv_security.conf File

You can enable an HSM in a high availability Oracle Key Vault 12.2.0.5.0 and earlier installation.

While performing the procedure Enabling HSM in a High Availability Key Vault Installation on Oracle Key Vault 12.2.0.5.0 and earlier, use the following commands.

1. Perform the following manual steps on the primary node as user oracle:

   $ cd /usr/local/okv/hsm/wallet
   $ scp cwallet.sso support@okv_standby_instance_IP_address:/tmp
   $ scp enctdepwd support@okv_standby_instance_IP_address:/tmp
   

2. Enable the HSM_ENABLED parameter in the okv_security.conf file:

   $ cd /usr/local/okv/hsm/wallet
   $ mv /tmp/enctdepwd .
   $ mv /tmp/cwallet.sso .
   $ chown oracle *
   $ chgrp oinstall *
   $ vi /usr/local/okv/etc/okv_security.conf
      Set HSM_ENABLED="1"
      Set HSM_PROVIDER="provider_value"

   In this specification:

   • HSM_ENABLED is set in this example to 1 to enable the HSM for this node. Setting it to 0 disables the HSM.
   • HSM_PROVIDER refers to the HSM provider. For SafeNet, set this value to 1. For nCipher, set it to 2.

3. Save and quit by entering the following sequence of characters in the vi file: :wq!