4 Access Management Commands
You can use the access management commands to manage wallets and endpoint groups.
- okv manage-access endpoint-group add-endpoint Command
 Theokv manage-access endpoint-group add-endpointcommand adds an existing endpoint to an endpoint group.
- okv manage-access endpoint-group check-status Command
 Theokv manage-access endpoint-group check-statuscommand checks the naming conflict resolution status of an endpoint group in a multi-master cluster.
- okv manage-access endpoint-group create Command
 Theokv manage-access endpoint-group createcommand creates a new endpoint group.
- okv manage-access endpoint-group delete Command
 Theokv manage-access endpoint-group deletecommand deletes an endpoint group.
- okv manage-access endpoint-group get Command
 Theokv manage-access endpoint-group getcommand retrieves detailed information about an endpoint group, such as its member endpoints and wallet access.
- okv manage-access endpoint-group list Command
 Theokv manage-access endpoint-group listcommand retrieves a list of endpoint groups and their associated information.
- okv manage-access endpoint-group remove-endpoint Command
 Theokv manage-access endpoint-group remove-endpointcommand removes an endpoint from an endpoint group.
- okv manage-access endpoint-group update Command
 Theokv manage-access endpoint-group updatecommand changes the name and description of an endpoint group, and can be used to ensure that the endpoint group name is unique.
- okv manage-access wallet add-access Command
 Theokv manage-access wallet add-accesscommand grants an endpoint or an endpoint group a level of access to a wallet.
- okv manage-access wallet add-object Command
 Theokv manage-access wallet add-objectcommand adds a security object to a wallet.
- okv manage-access wallet check-status Command
 Theokv manage-access wallet check-statuscommand checks the naming conflict resolution status of a wallet in a multi-master cluster.
- okv manage-access wallet create Command
 Theokv manage-access wallet createcommand creates a wallet.
- okv manage-access wallet delete Command
 Theokv manage-access wallet deletecommand deletes a wallet.
- okv manage-access wallet get Command
 Theokv manage-access wallet getcommand retrieves information about a specified wallet, such as the default wallet name and the wallet access.
- okv manage-access wallet get-default Command
 Theokv manage-access wallet get-defaultcommand gets the default wallet that has been associated with an endpoint.
- okv manage-access wallet list Command
 Theokv manage-access wallet listcommand lists wallets on which some level of access is granted to the user.
- okv manage-access wallet list-objects Command
 Theokv manage-access wallet list-objectscommand retrieves the security objects that are members of the specified wallet.
- okv manage-access wallet list-endpoint-wallets Command
 Theokv manage-access wallet list-endpoint-walletscommand lists the wallets that are associated with an endpoint.
- okv manage-access wallet remove-access Command
 Theokv manage-access wallet remove-accesscommand removes the access that an endpoint or an endpoint group has to a wallet.
- okv manage-access wallet remove-object Command
 Theokv manage-access wallet remove-objectcommand removes a security object from a wallet.
- okv manage-access wallet set-default Command
 Theokv manage-access wallet set-defaultcommand sets the default wallet for an endpoint.
- okv manage-access wallet update Command
 Theokv manage-access wallet updatecommand updates a wallet.
- okv manage-access wallet update-access Command
 Theokv manage-access wallet update-accesscommand updates the level of access that an endpoint or an endpoint group has to a wallet.
- okv manage-access wallet list-objects-wallets Command
4.1 okv manage-access endpoint-group add-endpoint Command
The okv manage-access endpoint-group add-endpoint command adds an existing endpoint to an endpoint group. 
                  
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group add-endpoint --endpoint-group endpoint_group_name --endpoint endpoint_member
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "add-endpoint",
    "options" : {
      "endpointGroup" : "#VALUE",
      "endpoint" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Name of the endpoint group. To find existing endpoint groups, run the  | 
| 
 | Required | Name of the endpoint. To find existing endpoints, run the  | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group add-endpointcommand.okv manage-access endpoint-group add-endpoint --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example, add_ep_to_group.json) and then edit it to add the endpoint to an endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "epg_hr", "endpoint" : "hr_db_ep" } } }
- Run the okv manage-access endpoint-group add-endpointcommand using the generated JSON file.okv manage-access endpoint-group add-endpoint --from-json add_ep_to_group.json Output similar to the following appears: { "result" : "Success" }
Parent topic: Access Management Commands
4.2 okv manage-access endpoint-group check-status Command
The okv manage-access endpoint-group check-status command checks the naming conflict resolution status of an endpoint group in a multi-master cluster. 
                  
This command is meant primarily for multi-master cluster environments. However, it is valid for other deployments and can be used to check the existence of an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group check-status --endpoint-group endpoint_group_name|--locator-id UUID
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "check-status",
    "options" : {
      "endpointGroup" : "#VALUE",
      "locatorID" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | The name of the endpoint group or the locator ID (universally unique ID (UUID)) of the endpoint group that you want to check. The  You must specify either the  To find existing endpoint groups, run the  To find the locator ID, check the output from the  | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group check-statuscommand.okv manage-access endpoint-group check-status --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "endpointGroup" : "#VALUE", "locatorID" : "#VALUE" } } }
- Save the generated input to a file (for example, check-status_epg.json) and then edit it so that you can check the endpoint group's status. Specify either theendpointGroupvalue or thelocatorIDvalue, but not both.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } } }
- Run the okv manage-access endpoint-group check-statuscommand using the generated JSON file.okv manage-access endpoint-group check-status --from-json check-status_epg.json Output similar to the following appears: { "result" : "Success", "value" : { "status" : "ACTIVE", "endpointGroup" : "EPG_HR" } }Output includes the name of the endpoint group if the endpoint group object is in ACTIVEstate. The endpoint group name shown here may be different from what was specified at the endpoint group creation time. If the endpoint groups with the same name are created on multiple cluster nodes, then Oracle Key Vault performs naming conflict resolution and it renames all but one endpoint groups by appending_OKVnode-idto the endpoint group name. For example, if you named the endpoint groupEPG_HR, and there is a naming conflict, then the name could beEPG_HR_OKV01.On deployments other than multi-master cluster, this command returns Successif the endpoint group exists and output does not include entries showing the endpoint group name and its state.
Parent topic: Access Management Commands
4.3 okv manage-access endpoint-group create Command
The okv manage-access endpoint-group create command creates a new endpoint group. 
                  
Required Authorization
Key Administrator role or Create Endpoint Group system privilege
Syntax
okv manage-access endpoint-group create --endpoint-group endpoint_group_name --description "endpoint group description" --unique TRUE|FALSE
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "create",
    "options" : {
      "endpointGroup" : "#VALUE",
      "description" : "#VALUE",
      "unique" : "#TRUE|FALSE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Name of the endpoint group. See Naming Guidelines for Objects. To find existing endpoint groups, run the  | 
| 
 | Optional | A user-friendly description of the endpoint group enclosed within double quotation marks | 
| 
 | Optional | Applies to a multi-master cluster environment only. This  Valid settings are as follows: 
 | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group createcommand.okv manage-access endpoint-group create --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example, create_epg.json) and then edit it so that you can create the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "epg_hr", "description" : "HR endpoint group", "unique" : "FALSE" } } }
- Run the okv manage-access endpoint-group createcommand using the generated JSON file.okv manage-access endpoint-group create --from-json create_epg.json Output for a multi-master cluster environment appears similar to the following: { "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } }You can use the locatorIDfrom this output with theokv manage-access endpoint-group check-statuscommand to display the current state of the endpoint group object. If the object status isACTIVE, then this command also displays the object name after the conflict-name resolution.
Parent topic: Access Management Commands
4.4 okv manage-access endpoint-group delete Command
The okv manage-access endpoint-group delete command deletes an endpoint group. 
                  
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group delete --endpoint-group endpoint_group_nameJSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "delete",
    "options" : {
     "endpointGroup" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Name of the endpoint group. To find existing endpoint groups, run the  | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group deletecommand.okv manage-access endpoint-group delete --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "#VALUE" } } }
- Save the generated input to a file (for example, delete_epg.json) and then edit it so that you can delete the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "epg_hr" } } }
- Run the okv manage-access endpoint-group deletecommand using the generated JSON file.okv manage-access endpoint-group delete --from-json delete_epg.json Output similar to the following appears: { "result" : "Success" }
Parent topic: Access Management Commands
4.5 okv manage-access endpoint-group get Command
The okv manage-access endpoint-group get command retrieves detailed information about an endpoint group, such as its member endpoints and wallet access.
                  
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group get --endpoint-group endpoint_group_nameJSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "get",
    "options" : {
             "endpointGroup" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Name of the endpoint group. To find existing endpoint groups, run the  | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group getcommand.okv manage-access endpoint-group get --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "get", "options" : { "endpointGroup" : "#VALUE" } } }
- Save the generated input to a file (for example, get_ep_group.json) and then edit it to specify the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "get", "options" : { "endpointGroup" : "hr_ep_grp" } } }
- Run the okv manage-access endpoint-group getcommand using the generated JSON file.okv manage-access endpoint-group get --from-json get_ep_group.json Output similar to the following appears: { "result" : "Success", "value" : { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-14 13:09:14", "description" : "", "endpointGroup" : "HR_EP_GRP", "endpointGroupMembers" : [ { "description" : "", "endpoint" : "HR_DB_EP_1" }, { "description" : "", "endpoint" : "HR_DB_EP_2" } ], "walletAccess" : [ { "access" : "RO_MW", "wallet" : "hr_wallet" } ] } }
Parent topic: Access Management Commands
4.6 okv manage-access endpoint-group list Command
The okv manage-access endpoint-group list command retrieves a list of endpoint groups and their associated information.
                  
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group list --limit number_of_endpointsJSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "list",
    "options" : {
             "limit" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Optional | Number of endpoint groups to list. Enter any whole number from  | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group listcommand.okv manage-access endpoint-group list --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "list", "options" : { "limit" : "#VALUE" } } }
- Save the generated input to a file (for example,
            list_ep_groups.json) and then edit it to specify the number of records for the output.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "list", "options" : { "limit" : "3" } } }
- Run the okv manage-access endpoint-group listcommand using the generated JSON file.okv manage-access endpoint-group list --from-json list_ep_groups.json Output similar to the following appears: { "result" : "Success", "value" : { "endpointGroups" : [ { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-14 13:09:14", "description" : "", "endpointGroup" : "EPG_HR" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-16 19:29:03", "description" : "", "endpointGroup" : "SALES_DB_EPG" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-16 19:29:17", "description" : "", "endpointGroup" : "ORDERS_DB_EPG" } ] } }
Parent topic: Access Management Commands
4.7 okv manage-access endpoint-group remove-endpoint Command
The okv manage-access endpoint-group remove-endpoint command removes an endpoint from an endpoint group.
                  
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group remove-endpoint --endpoint-group endpoint_group_name --endpoint endpoint_name
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "remove-endpoint",
    "options" : {
      "endpointGroup" : "#VALUE",
      "endpoint" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Name of the endpoint group that you want to remove. To find existing endpoints, run the  | 
| 
 | Required | Name of the endpoint that is associated with the endpoint group. To find existing endpoints, run the  | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group remove-endpointcommand.okv manage-access endpoint-group remove-endpoint --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example, remove_ep_from_epg.json) and then edit it to remove the endpoint from the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "epg_hr", "endpoint" : "hr_db_ep" } } }
- Run the okv manage-access endpoint-group remove-endpointcommand using the generated JSON file.okv manage-access endpoint-group remove-endpoint --from-json remove_ep_from_epg.json Output similar to the following appears: { "result" : "Success" }
Parent topic: Access Management Commands
4.8 okv manage-access endpoint-group update Command
The okv manage-access endpoint-group update command changes the name and description of an endpoint group, and can be used to ensure that the endpoint group name is unique. 
                  
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group update --endpoint-group endpoint_group_name --description "description" --name new_endpoint_group_name --unique TRUE|FALSE
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "endpoint-group",
    "action" : "update",
    "options" : {
      "endpointGroup" : "#VALUE",
      "name" : "#VALUE",
      "description" : "#VALUE",
      "unique" : "#TRUE|FALSE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Current name of the endpoint group. To find existing endpoint groups, run the  | 
| 
 | Optional | A user-friendly description of the endpoint group enclosed within double quotation marks | 
| 
 | Optional | New endpoint group name. See Naming Guidelines for Objects. | 
| 
 | Optional | Applies to a multi-master cluster environment only. This  Valid settings are as follows: 
 | 
JSON Example
- Generate JSON input for the okv manage-access endpoint-group updatecommand.okv manage-access endpoint-group update --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example, epg_update.json) and then edit it so that you can update the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "epg_hr", "name" : "epg_hr_global", "description" : "Global HR Endpoint Group", "unique" : "FALSE" } } }
- Run the okv manage-access endpoint-group updatecommand using the generated JSON file.okv manage-access endpoint-group update --from-json epg_update.json Output similar to the following appears: { "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } }This example shows the output for renaming an endpoint group in a multi-master cluster. On renaming, an endpoint group is placed into the PENDINGstate for the duration of the naming conflict resolution.You can use the locatorIDfrom this output with theokv manage-access endpoint-group check-statuscommand to display the current state of the endpoint group object. If the object status isACTIVE, then this command also displays the object name after the conflict-name resolution.Unless you renamed the endpoint group in a multi-master cluster, the status and locatorIDentries are not included in the output.
Parent topic: Access Management Commands
4.9 okv manage-access wallet add-access Command
The okv manage-access wallet add-access command grants an endpoint or an endpoint group a level of access to a wallet.
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW)
            permission on the wallet
                     
Syntax
okv manage-access wallet add-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name --access RO|RM|RO_MW|RM_MW
JSON Input File Template
{
  "service": {
    "category": "manage-access",
    "resource": "wallet",
    "action": "add-access",
    "options": {
      "wallet": "#VALUE",
      "endpointGroup": "#VALUE",
      "endpoint": "#VALUE",
      "access": "#RO|RM|RO_MW|RM_MW"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 or 
 | Required | Name of the endpoint or endpoint group. You can only specify either an endpoint or an endpoint group, but not both. To find registered endpoints, run the  | 
| 
 | Required | Enter one of the following values: 
 | 
JSON Example
- Generate JSON input for the okv manage-access wallet add-accesscommand.okv manage-access wallet add-access --generate-json-input The generated input appears as follows. This output includes wallet access settings for both endpoints and endpoint groups. When you edit it, you must include either the endpoint settings or the endpoint group settings, but not both. { "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "#VALUE", "endpointGroup": "#VALUE", "endpoint": "#VALUE", "access": "#RO|RM|RO_MW|RM_MW" } } }
- Save the generated input to a file (for example, add_access_wallet.json) and then edit it so that you can add wallet access to the endpoint or endpoint group. The following example is for the wallet access to an endpoint only.{ "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "hr_wallet", "endpoint": "hr_db_ep", "access": "RO" } } }
- Run the okv manage-access wallet add-accesscommand using the generated JSON file.okv manage-access wallet add-access --from-json add_access_wallet.json Output similar to the following appears: { "result": "Success" }
Parent topic: Access Management Commands
4.10 okv manage-access wallet add-object Command
The okv manage-access wallet add-object command adds a security object to a wallet.
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or have read-modify permission on the object and manage wallet (MW) permission on the wallet.
                     
Syntax
okv manage-access wallet add-object --wallet wallet_name --uuid uuid
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "add-object",
    "options" : {
           "wallet" : "#VALUE",
           "uuid" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 | Required | Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. | 
JSON Example
- Generate JSON input for the okv manage-access wallet add-objectcommand.okv manage-access wallet add-object --generate-json-input The generated input appears as follows. { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "add-object", "options" : { "wallet" : "#VALUE", "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example, add_obj_wallet.json) and then edit it to specify the object to add to the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "add-object", "options" : { "wallet" : "hr_wallet", "uuid" : "7432AED6-6628-4F43-BF7C-9D30023A4301" } } }
- Run the okv manage-access wallet add-objectcommand using the generated JSON file.okv manage-access wallet add-object --from-json add_object_wallet.json Output similar to the following appears: { "result": "Success" }
Parent topic: Access Management Commands
4.11 okv manage-access wallet check-status Command
The okv manage-access wallet check-status command checks the naming conflict resolution status of a wallet in a multi-master cluster. 
                  
This command is meant primarily for multi-master cluster environments. However, it is valid for other deployments and can be used to check the existence of a wallet.
This command uses a user name and password for the authentication.
Required Authorization
None, but the user only gets the status for the wallets to which he or she has access.
Syntax
okv manage-access wallet check-status --wallet wallet_name|--locator-id UUID
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "check-status",
    "options" : {
      "wallet" : "#VALUE",
      "locatorID" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Optional | The name of the wallet or the locator ID (universally unique ID (UUID)) of the wallet that you want to check. The  You must specify either the  To find the names of existing wallets to which you
            have access, run the  To find the locator ID, check the output of the  | 
JSON Example
- Generate JSON input for the okv manage-access wallet check-statuscommand.okv manage-access wallet check-status --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "wallet" : "#VALUE", "locatorID" : "#VALUE" } } }
- Save the generated input to a file (for example, check_wallet.json) and then edit it so that you can check the status of the wallet. Specify either thewalletvalue or thelocatorIDvalue, but not both.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } } }
- Run the okv manage-access wallet check-statuscommand using the generated JSON file.okv manage-access wallet check-status --from-json check_wallet.json Output similar to the following appears: { "result" : "Success", "value" : { "status" : "ACTIVE", "wallet" : "hr_wallet" } }Output includes the name of the wallet if the wallet object is in ACTIVEstate. The wallet name shown here may be different from what was specified at the wallet creation time. If the wallets with the same name are created on multiple cluster nodes, Oracle Key Vault performs naming conflict resolution and it renames all but one wallets by appending_OKVnode-idto the wallet name. For example, if you named the walletHR_WALLET, and there is a naming conflict, the name could beHR_WALLET_OKV01.On deployments other than multi-master cluster, this command returns Successif the wallet exists and output does not include entries showing the wallet name and its state.
Parent topic: Access Management Commands
4.12 okv manage-access wallet create Command
The okv manage-access wallet create command creates a wallet. 
                  
This command uses a user name and password for the authentication.
Required Authorization
None
Syntax
okv manage-access wallet create [--description <description>] [--ssh-server-host-user <ssh-server-host-user>] [--type <type>] [--unique <unique>] --wallet <wallet>
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "create",
    "options" : {
      "wallet" : "#VALUE",
      "type" : "#GENERAL|SSH_SERVER",
      "description" : "#VALUE",
      "unique" : "#TRUE|FALSE",
      "sshServerHostUser" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  Ensure that you follow the naming guidelines for objects. | 
| 
 | Optional | A user-friendly description for the wallet, enclosed within double quotation marks | 
| 
 | Optional | Applies to a multi-master cluster environment only. This  Valid settings are as follows: 
 | 
| --ssh-server-host-user/
                  sshServerHostUser | Optional |  The user on the SSH Server for whom this wallet is intended to authorize SSH
                  access. It can be used only for | 
| --type/<type> | Optional |  The type of wallet to create: 
                                        
 | 
JSON Example
- Generate JSON input for the okv manage-access wallet createcommand.okv manage-access wallet create --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "#VALUE", "type" : "#GENERAL|SSH_SERVER", "description" : "#VALUE", "unique" : "#TRUE|FALSE", "sshServerHostUser" : "#VALUE" } } }
- Save the generated input to a file (for example,
          create_wallet.json) and then edit it so that you can create the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "hr_wallet", "description" : "wallet for HR endpoint", "unique" : "FALSE" } } }
- Run the okv manage-access wallet createcommand using the generated JSON file.okv manage-access wallet create --from-json create_wallet.json Output for a multi-master cluster environment appears similar to the following: { "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } }You can use the locatorIDfrom this output with theokv manage-access wallet check-statuscommand to display the current state of the wallet object. If the object status isACTIVE, then this command also displays the object name after the conflict-name resolution.
Parent topic: Access Management Commands
4.13 okv manage-access wallet delete Command
The okv manage-access wallet delete command deletes a wallet. 
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW)
            permission on the wallet
                     
Syntax
okv manage-access wallet delete --wallet wallet_name 
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "delete",
    "options" : {
      "wallet" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
JSON Example
- Generate JSON input for the okv manage-access wallet deletecommand.okv manage-access wallet delete --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "delete", "options" : { "wallet" : "#VALUE" } } }
- Save the generated input to a file (for example, del_wallet.json) and then edit it to specify the wallet to delete from Oracle Key Vault.{ "service" : { "category" : "manage-access", "resource ": "wallet", "action" : "delete", "options" : { "wallet" : "hr_wallet" } } }
- Run the okv manage-access wallet deletecommand using the generated JSON file.okv manage-access wallet delete --from-json del_wallet.json Output similar to the following appears: { "result" : "Success" }
Parent topic: Access Management Commands
4.14 okv manage-access wallet get Command
The okv manage-access wallet get command retrieves information about a specified wallet, such as the default wallet name and the wallet access.
                  
This command uses a user name and password for the authentication.
Required Authorization
None
Syntax
okv manage-access wallet get --wallet wallet_nameJSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "get",
    "options" : {
      "wallet" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
JSON Example
- Generate JSON input for the okv manage-access wallet getcommand.okv manage-access wallet get --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get", "options" : { "wallet" : "#VALUE" } } }
- Save the generated input to a file (for example, get_wallet.json) and then edit it to specify the name of the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get", "options" : { "wallet" : "hr_wallet" } } }
- Run the okv manage-access wallet getcommand using the generated JSON file.okv manage-access wallet get --from-json get_wallet.json Output similar to the following appears: { "result" : "Success", "value" : { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-30 19:40:59", "description" : "", "wallet" : "hr_wallet", "walletAccess" : { "endpointAccess" : [ { "access" : "RO_MW", "defaultWallet" : "", "subjectName" : "HR_DB_EP1", "type" : "Direct" }, { "access" : "RO", "defaultWallet" : "TRUE", "subjectName" : "HR_DB_EP2", "type" : "Direct" } ], "endpointGroupAccess" : [ { "access" : "RO_MW", "subjectName" : "HR_DB_EPG" } ], "userAccess" : [ { "access" : "RO", "subjectName" : "Paul Hill" } ], "userGroupAccess" : [ { "access" : "RO", "subjectName" : "HR_GROUP_1" } ] } } }
Parent topic: Access Management Commands
4.15 okv manage-access wallet get-default Command
The okv manage-access wallet get-default command gets the default wallet that has been associated with an endpoint.
                  
This command uses a user name and password for the authentication.
Required Authorization
None, but the default wallet information for the endpoint is returned if the user has some level of access on that wallet.
Syntax
okv manage-access wallet get-default --endpoint endpoint_nameJSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "get-default",
    "options" : {
      "endpoint" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Name of the endpoint. To find existing endpoints, run the  | 
JSON Example
- Generate JSON input for the okv manage-access wallet get-defaultcommand.okv manage-access wallet get-default --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example, get_def_wallet.json) and then edit it to retrieve the default wallet that is associated with the specified endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "hr_db_ep" } } }
- Run the okv manage-access wallet get-defaultcommand using the generated JSON file.okv manage-access wallet get-default --from-json get_def_wallet.json Output similar to the following appears: { "result" : "Success", "value" : { "defaultWallet" : "HR_WALLET" } }
Parent topic: Access Management Commands
4.16 okv manage-access wallet list Command
The okv manage-access wallet list command lists wallets on which some level of access is granted to the user.
                  
Required Authorization
None
Syntax
okv manage-access wallet list --limit number_of_walletsJSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "list",
    "options" : {
      "type" : "#GENERAL|SSH_SERVER",
      "limit" : "#VALUE"
    }
  }
}
Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Optional | Number of wallets to list. Enter any whole number from  | 
| --type/ type | Optional | Type of the wallet. The allowed values are:
                                        
 You can also specify a combination of comma separated values. The filter is applied to each value independently, and the combined results returned effectively supporting an OR operation. | 
JSON Example
- Generate JSON input for the okv manage-access wallet listcommand.okv manage-access wallet list --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list", "options" : { "type" : "#GENERAL|SSH_SERVER", "limit" : "#VALUE" } } }
- Save the generated input to a file (for example, list_wallets.json) and then edit it to specify the number of records.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list", "options" : { "limit" : "3" } } }
- Run the okv manage-access wallet listcommand using the generated JSON file.okv manage-access wallet list --from-json list_wallets.json Output similar to the following appears: { "result" : "Success", "value" : { "fetchedObjectCount" : "3", "wallets" : [ { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-13 15:22:02", "description" : "", "wallet" : "HR_WALLET", "type" : "GENERAL" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-30 19:40:59", "description" : "", "wallet" : "sales_wallet", "type" : "GENERAL" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-09-13 04:55:06", "description" : "", "wallet" : "ORDERS_WALLET", "type" : "GENERAL" } ] } }
Parent topic: Access Management Commands
4.17 okv manage-access wallet list-objects Command
The okv manage-access wallet list-objects command retrieves the security objects that are members of the specified wallet.
                  
Required Authorization
The user must have some level of access on the wallet.
Syntax
okv manage-access wallet list-objects [--exclude-wallet-membership <exclude-wallet-membership>] [--limit <limit>] [--state <state>] [--type <type>] --wallet <wallet>
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "list-objects",
    "options" : {
      "wallet" : "#VALUE",
      "state" : "#PRE-ACTIVE|ACTIVE|DEACTIVATED|COMPROMISED|DESTROYED|DESTROYED_COMPROMISED",
      "type" : "#CERTIFICATE|OPAQUE|PRIVATE_KEY|PUBLIC_KEY|SECRET|SYMMETRIC_KEY",
      "limit" : "#VALUE",
      "excludeWalletMembership" : "#TRUE|FALSE"
    }
  }
} 
Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 | Optional | Number of objects to list for the specified wallet. Enter any whole number from  | 
| 
 | Optional | Controls whether wallet membership information for each object is include in the output. 
 | 
| --type/ type | Optional | Type of the security object. The allowed values are: 
 You can also specify a combination of comma separated values. The filter is applied to each value independently, and the combined results returned effectively supporting an OR operation. | 
| 
 | Optional | State of the security object. The allowed values are: 
 You can also specify a combination of comma separated values. The filter is applied to each value independently, and the combined results returned effectively supporting an OR operation. | 
JSON Example
- Generate JSON input for the okv manage-access wallet list-objectscommand.okv manage-access wallet list-objects --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-objects", "options" : { "wallet" : "#VALUE", "state" : "#PRE-ACTIVE|ACTIVE|DEACTIVATED|COMPROMISED|DESTROYED|DESTROYED_COMPROMISED", "type" : "#CERTIFICATE|OPAQUE|PRIVATE_KEY|PUBLIC_KEY|SECRET|SYMMETRIC_KEY", "limit" : "#VALUE", "excludeWalletMembership" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example, list_wallet_obj.json) and then edit it to specify a number of objects for the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-objects", "options" : { "wallet" : "hr_wallet", "limit" : "2" "excludeWalletMembership" : "FALSE" } } }
- Run the okv manage-access wallet list-objectscommand using the generated JSON file.okv manage-access wallet list-objects --from-json list_wallet_obj.json Output similar to the following appears: { "result" : "Success", "value" : { "fetchedObjectCount" : "2", "managedObjects" : [ { "creatingEndpoint" : "HR_DB_EP", "creationDate" : "2021-07-26 20:19:32", "deactivationDate" : "2029-12-25 15:11:11", "displayName" : "X.509 Certificate: DN EMAILADDRESS=psmith@example.com, CN=vienna, OU=Security, O=Oracle, L=Reston, ST=VA, C=US", "name" : "ps1009", "protectStopDate" : "2029-12-25 15:11:11", "state" : "Pre-Active", "type" : "Certificate", "uuid" : "975F17DF-11C1-4F16-BFBC-28E9C200C99F" }, { "creatingEndpoint" : "EMP_DB_EP", "creationDate" : "2021-06-30 21:01:48", "deactivationDate" : "", "displayName" : "Symmetric Key: Name psc7", "name" : "ps100,ps3,psa5,psb6,psc7", "protectStopDate" : "", "state" : "Active", "type" : "Symmetric Key", "uuid" : "7432AED6-6628-4F43-BF7C-9D30023A4301" } ] } }
Parent topic: Access Management Commands
4.18 okv manage-access wallet list-endpoint-wallets Command
The okv manage-access wallet list-endpoint-wallets command lists the wallets that are associated with an endpoint. 
                  
This command uses a user name and password for the authentication.
Required Authorization
None, but this command returns information about only those wallets on which user has some level of access.
Syntax
okv manage-access wallet list-endpoint-wallets --endpoint endpoint_nameJSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "list-endpoint-wallets",
    "options" : {
      "endpoint" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | The name of the endpoint. To find existing endpoints, run the  | 
JSON Example
- Generate JSON input for the okv manage-access wallet list-endpoint-walletscommand.okv manage-access wallet list-endpoint-wallets --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example, list_ep_wallets.json) and then edit it so that you can find the wallets that are associated with the specified endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "hr_db_ep" } } }
- Run the okv manage-access wallet list-endpoint-walletscommand using the generated JSON file.okv manage-access wallet list-endpoint-wallets --from-json list_ep_wallets.json Output similar to the following appears: { "result" : "Success", "value" : { "wallets" : [ "WALLET10", "WALLET11" ] } }
Parent topic: Access Management Commands
4.19 okv manage-access wallet remove-access Command
The okv manage-access wallet remove-access command removes the access that an endpoint or an endpoint group has to a wallet. 
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW)
            permission on the wallet
                     
Syntax
okv manage-access wallet remove-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "remove-access",
    "options" : {
      "wallet" : "#VALUE",
      "endpointGroup" : "#VALUE",
      "endpoint" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 or 
 | Required | Name of the endpoint or endpoint group. To find existing endpoints, run the  | 
JSON Example
- Generate JSON input for the okv manage-access wallet remove-accesscommand.okv manage-access wallet remove-access --generate-json-input The generated input appears as follows. This output includes the entire output, for both the endpoint and endpoint group. When you edit it, you must include the entry for either the endpoint or the endpoint group, but not both. { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example, remove_wallet_access_ep.json) and then edit it so to remove wallet access from the endpoint or an endpoint group. The following example shows how to remove access from an endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep" } } }
- Run the okv manage-access wallet remove-accesscommand using the generated JSON file.okv manage-access wallet remove-access --from-json remove_wallet_access_ep.json Output similar to the following appears: { "result" : "Success" }
Parent topic: Access Management Commands
4.20 okv manage-access wallet remove-object Command
The okv manage-access wallet remove-object command removes a security object from a wallet.
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or have read-modify permission on the object and manage wallet (MW) permission on the wallet.
                     
Syntax
okv manage-access wallet remove-object --wallet wallet_name --uuid uuid
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "remove-object",
    "options" : {
           "wallet" : "#VALUE",
           "uuid" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 | Required | Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. | 
JSON Example
- Generate JSON input for the okv manage-access wallet remove-objectcommand.okv manage-access wallet remove-object --generate-json-input The generated input appears as follows. { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-object", "options" : { "wallet" : "#VALUE", "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example, remove_wallet_obj.json) and then edit it to specify the object to be removed from the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-object", "options" : { "wallet" : "hr_wallet", "uuid" : "7432AED6-6628-4F43-BF7C-9D30023A4301" } } }
- Run the okv manage-access wallet remove-objectcommand using the generated JSON file.okv manage-access wallet remove-object --from-json remove_wallet_obj.json Output similar to the following appears: { "result": "Success" }
Parent topic: Access Management Commands
4.21 okv manage-access wallet set-default Command
The okv manage-access wallet set-default command sets the default wallet for an endpoint. 
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or Manage Endpoint privilege for the endpoint and Full Wallet privileges on the wallet
Syntax
okv manage-access wallet set-default --wallet wallet_name --endpoint endpoint_name
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "set-default",
    "options" : {
      "wallet" : "#VALUE",
      "endpoint" : "#VALUE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 | Required | Name of the endpoint. To find existing endpoints, run the  | 
JSON Example
- Generate the JSON input for the okv manage-access wallet set-defaultcommand.okv manage-access wallet set-default --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example, set_def_wallet.json) and then edit it to set the default wallet for the endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep" } } }
- Run the okv manage-access wallet set-defaultcommand using the generated JSON file.okv manage-access wallet set-default --from-json set_def_wallet.json Output similar to the following appears: { "result" : "Success" }
Parent topic: Access Management Commands
4.22 okv manage-access wallet update Command
The okv manage-access wallet update command updates a wallet. 
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW)
            permission on the wallet
                     
Syntax
okv manage-access wallet update --wallet wallet_name --name new_wallet_name --description description --unique TRUE|FALSE  
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "update",
    "options" : {
      "wallet" : "#VALUE",
      "name" : "#VALUE",
      "description" : "#VALUE",
      "unique" : "#TRUE|FALSE"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 | Optional | A new name for the wallet. See Naming Guidelines for Objects. | 
| 
 | Optional | A user-friendly description for the wallet, enclosed within double quotation marks | 
| 
 | Optional | Applies to a multi-master cluster environment only. This  Valid settings are as follows: 
 | 
JSON Example
- Generate JSON input for the okv manage-access wallet updatecommand.okv manage-access wallet update --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
          update_wallet.json) and then edit it to update the name and description of a wallet. This example shows how to update the name of a wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "hr_wallet", "name" : "global_hr_wallet", "unique" : "FALSE" } } }
- Run the okv manage-access wallet updatecommand using the generated JSON file.okv manage-access wallet update --from-json update_wallet.json Output similar to the following appears: { "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } }This example shows the output for renaming a wallet in a multi-master cluster. On renaming, a wallet is placed into the PENDINGstate for the duration of the naming conflict resolution.Unless you renamed the wallet in a multi-master cluster, the status and locatorID entries are not included in the output. 
Related Topics
Parent topic: Access Management Commands
4.23 okv manage-access wallet update-access Command
The okv manage-access wallet update-access command updates the level of access that an endpoint or an endpoint group has to a wallet. 
                  
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW)
            permission on the wallet
                     
Syntax
okv manage-access wallet update-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name --access RO|RM|RO_MW|RM_MW
JSON Input File Template
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "update-access",
    "options" : {
      "wallet" : "#VALUE",
      "endpointGroup" : "#VALUE",
      "endpoint" : "#VALUE",
      "access" : "#RO|RM|RO_MW|RM_MW"
    }
  }
}Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Wallet name. To find the names of existing wallets to which
            you have access, run the  | 
| 
 or 
 | Required | Name of the endpoint or endpoint group. You can only specify either an endpoint or an endpoint group, but not both. To find existing endpoints, run the  | 
| 
 | Required | Enter one of the following values: 
 | 
JSON Example
- Generate JSON input for the okv manage-access wallet update-accesscommand.okv manage-access wallet update-access --generate-json-input The generated input appears as follows. This output includes wallet access settings for both endpoints and endpoint groups. When you edit it, you must include either the endpoint settings or the endpoint group settings, but not both. { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE", "access" : "#RO|RM|RO_MW|RM_MW" } } }
- Save the generated input to a file (for example, update_wallet_access_ep.json) and then edit it to update the wallet access to an endpoint or an endpoint group. This example shows how to update access of a wallet to an endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep", "access" : "RM" } } }
- Run the okv manage-access wallet update-accesscommand using the generated JSON file.okv manage-access wallet update-access --from-json update_wallet_access_ep.json Output similar to the following appears: { "result" : "Success" }
Parent topic: Access Management Commands
4.24 okv manage-access wallet list-objects-wallets Command
Required Authorization
None
Syntax
okv manage-access wallet list-object-wallets --uuid uuid
                     JSON Input File Template
okv manage-access wallet list-object-wallets --generate-json-input
{
  "service" : {
    "category" : "manage-access",
    "resource" : "wallet",
    "action" : "list-object-wallets",
    "options" : {
      "uuid" : "#VALUE"
    }
  }
}
                     Parameters
| Parameter/Template Parameter | Required? | Description | 
|---|---|---|
| 
 | Required | Universally unique ID (UUID) of the security object. | 
JSON Example
- Generate the JSON input for the okv manage-access wallet list-objects-walletscommand.okv manage-access wallet list-object-wallets --generate-json-input The generated input appears as follows: { "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-object-wallets", "options" : { "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
                        list_object_by_wallet.json) and then edit it so that you can find the wallets that are associated with the specified endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-object-wallets", "options" : { "uuid" : "23ED3089-B341-43BF-8FB3-432ADFC7511F" } } }
- Run the okv manage-access wallet list-objects-walletscommand using the generated JSON file.okv manage-access wallet list-objects-wallets --from-json list_object_by_wallet.json Output similar to the following appears: { "result" : "Success", "value" : { "wallets" : [ "okv_rac_wallet1" ] } }
Parent topic: Access Management Commands