appliance

The format in which Oracle Key Vault is made available. The Oracle Key Vault software appliance includes the operating system, the software that implements the Oracle Key Vault functionality, the database, the replication software, and other related components. Oracle Key Vault is delivered as a software image that is installed on a standalone computer, or machine, supplied by the user. Oracle provides all updates for the software on the appliance, including the operating system. Do not load additional software on the Oracle Key Vault appliance.

You can deploy an Oracle Key Vault appliance as a standalone server, a member of a primary-standby configuration, or a node in a multi-master cluster.

Audit Manager

An Oracle Key Vault administrative role that enables a user to manage audit lifecycle and policies and to separate the role of auditing from the role of managing the Oracle Key Vault server.

auto-login wallet

An Oracle wallet file that can be accessed without a password. An auto-login wallet is stored in a cwallet.sso file.

candidate node

During node induction, an Oracle Key Vault server to be added to a multi-master cluster.  A candidate node must be a freshly installed Oracle Key Vault appliance, except when it is the initial node, in which case it provides the entirety of the cluster's initial data. A candidate node must be at the same release and patch level as the multi-master cluster to which it is being added.

After the server has been inducted into a cluster, it is called a node. After a successful node induction, you can configure the server to use the cluster-wide configuration settings. The cluster data set is then replicated to the node.

cluster data set

The set of all security objects managed by the cluster. When creating the cluster, the initial node provides all of the security objects that will be part of the initial cluster data set.

cluster link

A link that represents the outbound network connection (to the node) and the inbound replication process (from the node). You can enable or disable the link to manage node data replication.

cluster subgroup

A group of one or more nodes that is a subgroup of a cluster. Each node in a cluster can belong to only one subgroup. The node is assigned to a subgroup when the node is added to the multi-master cluster and this assignment remains unchanged for the lifetime of the node. The assignment is for each node, and members of a read-write pair can be in different subgroups.

The subgroup implements a notion of endpoint affinity. It is used when you set the endpoint's node search order in the endpoint node scan list. Nodes in the same subgroup as the node where the endpoint was added are considered local to the endpoint. The local subgroup is scanned first before communicating with nodes that are not in the local subgroup.

The cluster topology can change when you add or remove new nodes to and from the cluster. The endpoints get this information with the response messages for the operations the endpoint initiated. Oracle Key Vault periodically sends the updated endpoint node scan list back to the endpoint even if there is no change to cluster topology. This is to account for any lost messages.

controller node

A node that controls or manages a cluster reconfiguration change, such as adding, enabling, disabling, or removing nodes. A node is only a controller node while the change is being made. During node induction, the controller node provides the server certificate and the data that is used to initialize the candidate node.

Each concurrent operation will have its own controller node.  One controller node can only control one cluster configuration transaction at a time.

credential file

A file that contains sensitive information such as user IDs, passwords, and keys. The file, such as a Kerberos keytab file, is stored as an opaque object, which means that its individual contents are not interpreted by Oracle Key Vault. The entire file is uploaded and downloaded as an object.

See also security object.

default wallet

A special virtual wallet that is associated with an endpoint, into which all the endpoint's security objects can be automatically uploaded.

deleted node

A node that has been disassociated from the cluster by using either the Delete or the Force Delete button on the Oracle Key Vault management console. If it has been disabled for longer than the Maximum Disable Node duration, then you must delete the node.

Once a node has been deleted, you cannot re-associate it with the cluster. If it is to be inducted into the cluster, then you must re-image it and then convert it into a freshly installed server.

You can use the Delete option under normal operating circumstances. Only use the Force Delete option if the node is unreachable when the Delete option does not work.


endpoint

A computer system such as a database server, an application server, and other information systems, where keys are used to access encrypted data and credentials are used to authenticate to other systems.

endpoint administrator

Owner of an endpoint. Endpoint administrators are typically system, security, or database administrators, but they can be any personnel charged with deploying, managing, and maintaining security within an enterprise. They are responsible for enrolling endpoints and controlling endpoint access to security objects.

endpoint group

A collection of endpoints that are created to share a set of security objects.

endpoint node scan list

A list of nodes to which an endpoint can connect.

heartbeat lag

A monitored metric that determines the health of the multi-master cluster.  This is an indication of the node and network health. It is the time since the current node received a heartbeat message from a given node. A heartbeat is sent out from each node every two minutes. Every heartbeat should be received on each other node shortly thereafter.

A higher heartbeat lag indicates that user operations that require conflict resolution, such as creating a wallet, will take longer. Heartbeat lags between any two nodes affect operations cluster-wide. If the heartbeat lag is high, ensure that the cluster services are active and that replication is active. Disable and then re-enable the links between the two nodes between which the heartbeat lag is significant.

initial node

The first, or initial, node of an Oracle Key Vault Multi-Master Cluster. You create a multi-master cluster by converting a single Oracle Key Vault server to become the initial node. The Oracle Key Vault server can be a clean installed Oracle Key Vault server, or it can already be in service with active data. A standalone server or a member of a primary-standby configuration can be converted to be the initial node of a cluster. If you want to use a member of a primary-standby configuration, then you must first break the primary-standby relationship, splitting the pair.

If the initial node has been active and therefore has data, then Oracle Key Vault uses this data as the cluster data set to initialize the cluster.

Initialization can occur only once in the life of the cluster.

installation passphrase

A password that is specified during the Oracle Key Vault installation. The installation passphrase is used to log in to Oracle Key Vault and complete the post-installation tasks. The installation passphrase can only be changed on the Oracle Key Vault management console after installation but before post-installation. After you complete the post-installation process, this option no longer appears on the management console.


JAVA_HOME

The environment variable that points to the location of Java files (JDK/JRE) in the system. This allows Java applications to look up the JAVA_HOME variable in order to operate.

Java keystore file

A file that can hold multiple security objects such as keys and certificates. It uses the Java Keystore File (JKS) format.

Key Administrator

An Oracle Key Vault administrator role that enables a user to manage the key lifecycle and control access to all security objects within Oracle Key Vault. This is a highly sensitive role and should be granted with care.


keystore

A generalized term for a container that stores encryption keys, including but not limited to TDE master encryption keys.

Management Information Base (MIB)

See MIB.

master encryption key

See TDE master encryption key.

maximum disable node duration

The time, in hours, that a node may remain in the disabled state. If the node has been disabled for a longer duration, it can no longer be enabled.

The default maximum disable node duration is 24 hours.


MIB

Management information base; a text file that, if Oracle Key Vault is monitored through SNMP, describes the variables that contain the information that SNMP can access. The variables described in a MIB, which are also called MIB objects, are the items that can be monitored using SNMP. There is one MIB for each element that is monitored.

name resolution time

A monitored metric used to determine the health of the multi-master cluster. It is the average time taken to ascertain that there is no name conflict in the cluster or to resolve the name conflict after an attempt to use conflicting names took place.


node

An Oracle Key Vault server that has been converted to be a member of an Oracle Key Vault multi-master cluster. It is known as an Oracle Key Vault cluster node or simply a node.

node induction

The process of converting an Oracle Key Vault server to be a node in the multi-master cluster.

The initial node in a cluster provides the initial cluster data set.  Subsequently, only new Oracle Key Vault servers can be inducted to the multi-master cluster, and the current data in the multi-master cluster is loaded into the new nodes.


OKV_HOME

The environment variable that points to the location in which the Oracle Key Vault endpoint software will reside. It contains subdirectories for endpoint software such as the configuration files, log files, libraries, binaries, and other files that the endpoint software utility needs.

online master key

A TDE-generated master encryption key that is stored in Oracle Key Vault. The online master key enables Oracle Key Vault administrators to have full control over the TDE master encryption keys that Key Vault protects. When a key rotation is performed on the online master key, the change is reflected in all other nodes in a cluster. In previous releases, the term for online master key was TDE direct connection.

Opaque Object

A security object that Oracle Key Vault cannot interpret.

Oracle Key Vault appliance

See appliance.

Oracle Key Vault multi-master cluster

A distributed set of Oracle Key Vault nodes that are grouped together so that they all communicate with one another. Some pairs of nodes are configured as read-write pairs. In a read-write pair, an update to one node is replicated to the other node, and the update must be verified on the other node before the update is considered successful.

All nodes in the multi-master cluster connect to all other nodes. Data updated in a read-write pair is replicated to all nodes.

Oracle Key Vault node

See node.

Oracle Key Vault server

An Oracle Key Vault server that is a standalone installation of the Oracle Key Vault appliance. It provides all the core functionality related to endpoints and wallets. 

Oracle wallet file

A container that can hold multiple security objects such as keys and certificates. It uses the PKCS#12 cryptographic standard.

You can manage Oracle wallets in Oracle Key Vault just like other security objects. Optionally, you can encrypt them and protect them with a password. An Oracle wallet that can be accessed without a password is called an auto-login wallet.

See also password-protected wallet.


ORACLE_BASE

The environment variable that points to the root of the Oracle Database directory tree. The Oracle base directory is the top-level directory that you can use to install the various Oracle software products. You can use the same Oracle base directory for multiple installations. For example, /u01/app/oracle is an Oracle base directory created by the oracle user.


ORACLE_HOME

The environment variable that points to the directory path to install Oracle components (for example, /u01/app/oracle/product/18.3.0/db_n). You are prompted to enter an Oracle home in the Path field of the Specify File Locations window.

ORACLE_HOME corresponds to the environment in which Oracle Database products run. If you install an OFA-compliant database, using Oracle Universal Installer defaults, then the Oracle home (known as $ORACLE_HOME in this guide) is located beneath $ORACLE_BASE. The default Oracle home is db_n where n is the Oracle home number. It contains subdirectories for Oracle Database software executable files and network files.


ORACLE_SID

The environment variable that represents the Oracle System ID (SID), which uniquely identifies a particular database on a system. For this reason, you cannot have more than one database with the same SID on a computer system.

When using Oracle Real Application Clusters, you must ensure that all instances that belong to the same database have a unique SID.


oraenv

Along with coraenv, a Unix/Linux command-line utility that sets the required environment variables (ORACLE_SID, ORACLE_HOME, and PATH) to allow a user to connect to a given database instance. If these environment variables are not set, then commands such as sqlplus, imp, and exp will not work (or will not be found).

Use coraenv when using the C Shell and oraenv when using a Bourne, Korn, or Bash shell.

password-protected wallet

An encrypted Oracle wallet that has a user-defined password stored in an ewallet.p12 file.

PKCS#11 library

A library that allows an Oracle TDE database to connect to Oracle Key Vault to manage the master encryption keys.

PKCS#12 file

In cryptography, PKCS#12 defines an archive file format for storing many cryptographic objects as a single file. Wallet files are stored in PKCS#12 format.

read-only node

A node that is not part of a replication pair.  Most data cannot be directly updated using the Oracle Key Vault management console, or with Oracle Key Vault client software. Critical data such as keys, wallets, and certificates in a read-only node is only updated through replication from read-write nodes.

read-only restricted mode

A node enters read-only restricted mode when it has no read-write pair, or if its read-write peer is unavailable. The Oracle Key Vault console displays a warning that the node is operating in read-only restricted mode. In read-only restricted mode, updates using the Oracle Key Vault management console, or Oracle Key Vault client software are restricted. However, you can still perform system configuration on the node.

When the node is a member of a read-write pair, this indicates the other node has been disabled but not deleted from the cluster, or the heartbeat is not detected for other reasons. 

read-write mode

A node is in read-write mode when it is available for endpoint and wallet data updates using the Oracle Key Vault management console, or Oracle Key Vault client software. The node must be a member of a read-write pair, and the read-write peer must be online and active.

When both nodes in the pair are available, both nodes can accept updates, and all updates to one node are synchronously replicated to the peer. If one of the nodes in the pair becomes unavailable, then the remaining node enters read-only restricted mode and will not accept any data updates until the peer is restored. 

The node state is displayed on the Monitoring page of the Cluster tab of the node management console. The Cluster tab of the node management console displays the type and status of all nodes in the cluster.

read-write node

An active, connected, member of a read-write pair of nodes.

read-write pair

A pair of nodes that operates with bidirectional synchronous replication. You create the read-write pair by pairing a new node with a read-only node. You can update data, including the endpoint and wallet data, in either node by using the Oracle Key Vault management console, or Oracle Key Vault client software. The updates are replicated immediately to the other node in the pair. Updates are replicated asynchronously to all other nodes.

A node can be a member of at most one bidirectional synchronous pair.

A multi-master cluster requires at least one read-write pair to be fully operational. It can have a maximum of 8 read-write pairs.

read-write peer

The specific member of one, and only one, read-write pair in the cluster.  Each read-write pair consists of only two nodes. You configure nodes as peers by setting Add Candidate Node as Read-Write Peer to Yes on the controller node during induction of the candidate node.  Peers are identified on the Cluster Management Configuration page. 

If one member of the pair is deleted, then the peer automatically becomes a read-only node.

recovery passphrase

A secret token that is created during the installation of an Oracle Key Vault appliance. The recovery passphrase created for the initial node is subsequently used by the cluster and propagated to all other nodes in the cluster.

You enter the existing recovery passphrase on both the controller page and the candidate page during induction of any nodes into the cluster. Because there is only one recovery passphrase, you must use that same recovery passphrase when the recovery passphrase is required.


replication

The process of replicating data changes that were made to a read-write node to all other nodes. The read-write peer is updated immediately. Replication is used to distribute the data to all other nodes in the cluster.

replication lag

A monitored metric that determines the health of the multi-master cluster. It is the time taken for an object to be replicated to another node.

A higher replication lag indicates that Oracle Key Vault operations, such as changing the access permissions for an endpoint on the wallet, will take longer to replicate. Depending on the operation, a replication lag may or may not have a cluster-wide impact. If the replication lag is significant between two nodes, then you should disable and re-enable the cluster links.

security object

An object that contains critical data provided by the user. A security object can be of the following types:

  • private encryption key
  • Oracle wallet
  • Java keystore
  • Java Cryptography Extension keystore
  • certificate
  • credential file

software appliance

A self-contained preconfigured product that can be installed on supported hardware dedicated for a specific purpose.


sqlnet.ora

An Oracle Database configuration file for the client or server. By default, the sqlnet.ora file resides in the $ORACLE_HOME/network/admin directory. It specifies the following connection information:

  • Client domain to append to unqualified service names or net service names

  • Order of naming methods for the client to use when resolving a name

  • Logging and tracing features to use

  • Route of connections

  • External naming parameters

  • Oracle Advanced Security parameters

System Administrator

An Oracle Key Vault administrator role that enables a user to create users, endpoints and their respective groups, configure system settings and alerts, and generally administer Oracle Key Vault. This is a highly sensitive role and should be granted with care.

TDE master encryption key

A key that encrypts the data encryption keys for tables and tablespaces.


template

A collection of attributes for security objects. When a security object is created using a template, the attributes in the template are automatically assigned to the new object.


user

A staff member who uses Oracle Key Vault. Users can be administrators, auditors, or ordinary users with no administrative roles.

user group

A named collection of Oracle Key Vault users. A user group can collectively be granted privileges or roles.

virtual wallet

A container for security objects such as public and private encryption keys, TDE master encryption keys, passwords, credentials, and certificates in Oracle Key Vault. The main purpose of a virtual wallet is to enable sharing of keys among endpoints.