Changes in This Release for Oracle Key Vault

This Oracle Key Vault release introduces new features that enhance the use of Oracle Key Vault in a large enterprise.

Changes for Oracle Key Vault Release 18.6

Oracle Key Vault release 18.6 introduces the following new features.

New Privileges to Enable Regular Administrators to Manage Endpoints and Endpoint Groups

Oracle Key Vault RESTful services are used for automated endpoint enrollment.

Oracle Key Vault regular users can now be authorized to manage endpoints and endpoint groups without being granted administrative roles. Previously, a user required the System Administrator role to manage endpoints and the Key Administrator role to manage endpoint groups. These are powerful administrative roles, and not every Oracle Key Vault operation requires all of the functionality they provide. Users who set up Oracle Key Vault endpoints using RESTful services need privileges only for endpoint enrollment, provisioning, and endpoint group setup. With Oracle Key Vault release 18.6, a regular user can be granted the create endpoint, manage endpoint, create endpoint group, and manage endpoint group privileges to do just that. Furthermore, the new privileges enable isolation among users who manage different sets of endpoints and endpoint groups. These users have full control over the endpoints and endpoint groups that they are authorized to manage, but unlike users with the administrative roles, they cannot affect any other endpoints or endpoint groups.

Changes for Oracle Key Vault Release 18.5

Oracle Key Vault release 18.5 introduces the following new features.

Support for Longer Names of Wallets, Users, User Groups, Endpoints, and Endpoint Groups

Starting with this release, the maximum length of the names of wallets, users, user groups, endpoints, and endpoint groups has been increased to 120 bytes in order to accommodate longer system-generated names.

In previous releases, Oracle Key Vault identifier names for wallets, endpoints, endpoint groups, users, and user groups were limited to 30 bytes in standalone or primary-standby deployments. In cluster deployments, the identifiers were further limited to 24 bytes, because the last 6 bytes were used for name conflict resolution. Systems that need automation, for example databases deployed in the cloud, can use system-generated identifiers for these object names, and 24 bytes was too short for such names.

In a multi-master cluster configuration, until all the nodes in the cluster are upgraded to release 18.5 or later, you will not be allowed to create these entities with names longer than 30 bytes. If you attempt to do so, an error will be displayed on the user interface.
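The byte limits described in this section, worked through as an added example (this is not Oracle's code; the function names, the release tuple, and the rejection messages are this example's own). It measures names in UTF-8 bytes rather than characters, which is the difference that matters for generated or non-ASCII names:

```python
"""Check an Oracle Key Vault object name against the byte-length limits
described above. Limits are taken from the text: 120 bytes from release
18.5 on; 30 bytes before 18.5 (standalone / primary-standby); 24 bytes in
a pre-18.5 cluster because the last 6 bytes are reserved for name conflict
resolution; and 30 bytes in a cluster until every node runs 18.5 or later.
The release tuple and function names are assumptions of this example."""

VALID_MODES = ("standalone", "primary-standby", "cluster")


def name_byte_limit(release, deployment, all_nodes_upgraded=True):
    """Return the maximum name length in bytes for the given deployment."""
    if deployment not in VALID_MODES:
        raise ValueError(f"unknown deployment mode: {deployment}")
    if release < (18, 5):
        # Pre-18.5: 30 bytes, minus the 6 bytes a cluster reserves.
        return 24 if deployment == "cluster" else 30
    if deployment == "cluster" and not all_nodes_upgraded:
        # Mixed-version cluster: longer names are refused until all nodes are on 18.5+.
        return 30
    return 120


def check_object_name(name, release=(18, 5), deployment="standalone",
                      all_nodes_upgraded=True):
    """Return (ok, reason). Length is counted in UTF-8 bytes, not characters."""
    limit = name_byte_limit(release, deployment, all_nodes_upgraded)
    size = len(name.encode("utf-8"))
    if size == 0:
        return False, "name is empty"
    if size > limit:
        return False, f"name is {size} bytes, limit is {limit} bytes"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample names: a cloud-style generated name and a non-ASCII one.
    generated = "cloud-db-0123456789abcdef0123456789abcdef"   # 41 ASCII bytes
    accented = "Tr\u00e9sor-cl\u00e9s-production-site-1"          # 28 chars, 30 bytes
    for args in [(generated, (18, 5), "standalone", True),
                 (generated, (18, 4), "cluster", True),
                 (generated, (18, 5), "cluster", False),
                 (accented, (18, 4), "cluster", True)]:
        print(args[1:], check_object_name(*args))
```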

Ability to Download okvrestservices.jar from Enroll Endpoint & Software Download Page

You can now download the okvrestservices.jar file, from the Enroll Endpoint & Software Download page of the Oracle Key Vault management console.

Prior to Oracle Key Vault release 18.5, you could only download the REST utility, okvrestservices.jar, after logging in to the Oracle Key Vault web console. There was no way to download the okvrestservices.jar file by using tools like wget without first logging in to Oracle Key Vault. Starting with release 18.5, you can download the okvrestservices.jar file from the Enroll Endpoint & Software Download page of the Oracle Key Vault web console or by using tools like wget or curl.

RESTful APIs to Determine the Oracle Key Vault Deployment Type, Server Version, and Object Existence

A new RESTful API, get_system_info, and an enhanced API, check_object_status, have been added to Oracle Key Vault.

The new RESTful API, get_system_info, returns the client tool version, the server version, and the deployment mode. The deployment mode values are Standalone, Primary-Standby, and Cluster.

The existing RESTful API, check_object_status, was enhanced to return the status of an endpoint, endpoint group, or wallet. You must supply the object name to the API or, alternatively, the UUID if running in cluster mode. The status returned is either Object_Type does not exist or Object_Type exists, where Object_Type is Endpoint, Endpoint Group, or Wallet.