Changes in This Release for Oracle Key Vault

This Oracle Key Vault release introduces new features that enhance the use of Oracle Key Vault in a large enterprise.

Changes for Oracle Key Vault Release 18.4

Oracle Key Vault release 18.4 introduces the ability to set a time-out value for the Oracle Key Vault management console.

Management Console Idle Session Timeout

Starting with this release, Oracle Key Vault will detect if the user session is idle, log the user out, and redirect the user to the login screen.

Starting with Oracle Key Vault release 18.4, Oracle Key Vault will detect if the user's management console session is idle, log the user out, and redirect the user to the login screen. The user's session remains active as long as the user clicks a button, moves the mouse or presses a key, or is performing other management console related activities. If the user's session is idle for more than the management console timeout duration, then the user is logged out and redirected to the login screen.

The management console timeout is configurable and has a default setting of 10 minutes. Before the management console session ends, the user is notified and is given an option to extend the session. The notification is raised 2 minutes before session expiry if the timeout value is 10 minutes or longer. For smaller timeout values, the notification is raised 10 seconds or 30 seconds before session expiry, depending on whether the timeout value is less than or greater than 5 minutes, respectively. For example, if the timeout is set to 20 minutes, then the user is notified after 18 minutes of inactivity and can extend the session. After the session is extended, if another 18 minutes pass with no activity detected, the user is asked to extend the session once again. If the user does not extend the session this time, the user is logged out and redirected to the login screen.

The management console idle session timeout applies to standalone, primary-standby, and multi-master cluster environments. In a multi-master cluster environment, setting the timeout value in one node applies the value to all nodes in the cluster. The timeout value takes effect after you click Save in the System Settings page, or click Save to Cluster in the Cluster System Settings page. Any update to the timeout value affects all new management console sessions immediately but affects the currently active sessions when the user's session is extended, the user refreshes the page, or the user navigates to another page.

Oracle Key Vault HSM Integration Supports Use of Token Labels

Oracle Key Vault now provides the ability to choose a softcard slot based on a token label.

HSMs may support multiple tokens, each with a token label. You can now specify a token label in order to create or use keys from tokens in specific slots for HSM integration. If you do not specify a token label, Oracle Key Vault falls back to the previous behavior, in which it chooses the token in the first slot of the slot list. Token labels in Oracle Key Vault enable support for softcards in nCipher HSMs and partitions in Thales (SafeNet) HSMs.
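The selection rule described above, modelled as an added example (not Oracle Key Vault code): PKCS#11 reports each token label as a 32-byte blank-padded field, so the match must be exact after stripping the padding. The slot data and label names are constructed, and failing closed on a missing or duplicated label is an assumption of this example, not documented product behavior.

```python
# Added illustration: models PKCS#11 slot selection by token label.
# Slot data below is constructed; no HSM or vendor library is used.
from dataclasses import dataclass
from typing import Optional, Sequence

LABEL_LEN = 32  # CK_TOKEN_INFO.label: 32 bytes, blank-padded, not NUL-terminated


@dataclass(frozen=True)
class Slot:
    slot_id: int
    raw_label: bytes  # label field exactly as the token reports it


def pad_label(text: str) -> bytes:
    """Build a blank-padded label field (used only to construct sample data)."""
    encoded = text.encode("utf-8")
    if len(encoded) > LABEL_LEN:
        raise ValueError("token label longer than 32 bytes")
    return encoded.ljust(LABEL_LEN, b" ")


def select_slot(slots: Sequence[Slot], token_label: Optional[str] = None) -> Slot:
    """Return the slot to use for HSM integration."""
    if not slots:
        raise LookupError("no slots with a token present")
    if token_label is None:
        # Behavior described on the page: no label means first slot in the list.
        return slots[0]
    wanted = token_label.encode("utf-8")
    # Exact match after stripping padding, so "x" never matches token "x-dr".
    matches = [s for s in slots if s.raw_label.rstrip(b" ") == wanted]
    # Assumption of this example: fail closed rather than silently using
    # a different token when the label is missing or ambiguous.
    if not matches:
        raise LookupError(f"no token labelled {token_label!r}")
    if len(matches) > 1:
        raise LookupError(f"label {token_label!r} matches {len(matches)} tokens")
    return matches[0]


# Constructed sample slot list (labels are hypothetical).
SAMPLE_SLOTS = [
    Slot(0, pad_label("accelerator")),
    Slot(1, pad_label("okv-root-of-trust")),
    Slot(2, pad_label("okv-root-of-trust-dr")),
]
```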

Utimaco as a Supported HSM Vendor

Utimaco is now a supported vendor for integration with Oracle Key Vault as the Root of Trust.

Starting with this release, you can configure Utimaco as a supported HSM vendor for integration with Oracle Key Vault, in addition to the current SafeNet and nCipher vendors. For both the Hardware Security Modules and associated client-side libraries and tools, only version 4.31.1 is supported at this time.

Changes for Oracle Key Vault Release 18.3

Oracle Key Vault release 18.3 has two new features.

Oracle Key Vault Available in the Oracle Cloud Marketplace

Starting with this release, you can deploy Oracle Key Vault to run on an Oracle Cloud Infrastructure (OCI) VM compute instance.

This functionality is available as click-to-deploy software in the Oracle Cloud Marketplace. A benefit of this type of deployment is that provisioning in OCI is more streamlined and provides a faster way to get an application running than an on-premises installation, which requires an administrator to manage the hardware on which Oracle Key Vault is installed.

Ability to Rename Endpoint Groups and Virtual Wallets Using RESTful Services

Starting with this release, you can rename endpoint groups and virtual wallets using RESTful services.

In previous releases, this ability was available in the Oracle Key Vault management console only, but is now available with the following new RESTful API commands:
  • modify_endpoint_group_name
  • modify_wallet_name