Changes in This Release for Oracle Key Vault

This Oracle Key Vault release introduces new features that enhance the use of Oracle Key Vault in a large enterprise.

Changes for Oracle Key Vault Release 21.2

Oracle Key Vault release 21.2 introduces several new features.

Certificate and Secret Objects Expiration Alerts

In Oracle Key Vault release 21.2, you can configure alert notifications for the expiration of certificate and secret objects.

In previous releases, expiration alerts for all managed objects shared a common configuration under the Key Rotations alert. Starting with this release, you can separately configure the expiration alerts for certificate and secret objects. The expiration alerts for the certificate and secret objects are no longer reported as Key Rotations alerts. Similar to alerts such as those for cluster components or user password expiration, you can set this type of alert to notify users when the deactivation date for a certificate or secret object is within its threshold value.

The new alerts for certificate and secret objects are as follows:

  • Certificate Object Expiration
  • Secret Object Expiration

The object expiration alerts are now raised only when the object is in the PRE-ACTIVE or ACTIVE state. Previously, they were raised regardless of the object state.

The object expiration alerts are now deleted when an object is revoked or destroyed. Previously, they were deleted only when an object was destroyed.
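The following is an added model of the release 21.2 alert rules described above (per-kind alert types, the deactivation-date threshold, the PRE-ACTIVE/ACTIVE state gate, and alert removal on revoke or destroy); it is illustration code written for this page, not Oracle Key Vault's own implementation, and the state labels REVOKED and DESTROYED, the sample object names and the dates are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Alert names from the release notes, keyed by managed-object kind.
ALERT_TYPES = {"CERTIFICATE": "Certificate Object Expiration",
               "SECRET": "Secret Object Expiration"}
# Release 21.2 raises expiration alerts only for objects in these states.
ALERTABLE_STATES = {"PRE-ACTIVE", "ACTIVE"}
# States that clear an existing alert. REVOKED/DESTROYED are labels chosen for
# this illustration, not necessarily Oracle Key Vault's own state names.
CLEARING_STATES = {"REVOKED", "DESTROYED"}

@dataclass
class ManagedObject:
    name: str
    kind: str            # "CERTIFICATE" or "SECRET"
    state: str
    deactivation_date: datetime

def evaluate_alerts(objects, now, threshold_days):
    """Return {name: alert type} for objects whose deactivation date falls
    within the per-kind threshold and whose state is PRE-ACTIVE or ACTIVE."""
    alerts = {}
    for obj in objects:
        if obj.state not in ALERTABLE_STATES:
            continue  # out-of-scope state: no alert, whatever the date
        if obj.deactivation_date - now <= timedelta(days=threshold_days[obj.kind]):
            alerts[obj.name] = ALERT_TYPES[obj.kind]
    return alerts

def change_state(obj, new_state, alerts):
    """Apply a state change; revoking or destroying drops the object's alert
    (before 21.2 only destruction did)."""
    obj.state = new_state
    if new_state in CLEARING_STATES:
        alerts.pop(obj.name, None)
    return alerts

def demo():
    # Constructed sample data: names and dates are made up for this example.
    now = datetime(2021, 6, 1)
    objs = [ManagedObject("tde-cert", "CERTIFICATE", "ACTIVE", datetime(2021, 6, 20)),
            ManagedObject("ca-cert", "CERTIFICATE", "ACTIVE", datetime(2021, 9, 1)),
            ManagedObject("api-secret", "SECRET", "PRE-ACTIVE", datetime(2021, 6, 5)),
            ManagedObject("old-secret", "SECRET", "DESTROYED", datetime(2021, 6, 2))]
    before = dict(evaluate_alerts(objs, now, {"CERTIFICATE": 30, "SECRET": 7}))
    after = change_state(objs[0], "REVOKED", dict(before))
    return before, after
```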

New and Changed RESTful Services Utility Commands

In Oracle Key Vault release 21.2, several new and changed okv managed-object RESTful services utility commands are available.

The new okv managed-object RESTful services commands, which add support for get and register operations for certificate requests, private keys, and public keys, are as follows:

  • okv managed-object certificate-request get
  • okv managed-object certificate-request register
  • okv managed-object private-key get
  • okv managed-object private-key register
  • okv managed-object public-key get
  • okv managed-object public-key register

The changed okv managed-object RESTful services commands are as follows:

  • okv managed-object certificate register
  • okv managed-object object locate

Changes in the Oracle Key Vault Management Console

In Oracle Key Vault release 21.2, the Oracle Key Vault management console user interface has had minor changes throughout.

These changes are the result of modified terms, updates to the current release, and enhancements for better usability. The overall interface has not had major changes.

Oracle Key Vault Installation and Upgrade Guide

In Oracle Key Vault release 21.2, information about installing and upgrading Oracle Key Vault is now in its own guide, Oracle Key Vault Installation and Upgrade Guide.

This guide covers installation requirements, how to install Oracle Key Vault and perform post-installation tasks, and how to upgrade Oracle Key Vault in standalone, multi-master cluster, and primary-standby deployments. This guide also explains how to get started using Oracle Key Vault, such as logging in, accessing the Oracle Key Vault management console, and how to perform actions and searches.

In previous releases, this information was in Oracle Key Vault Administrator's Guide.

Changes for Oracle Key Vault Release 21.1

Oracle Key Vault release 21.1 introduces several new features.

Dual NIC Network Interface Support

Starting with this release, Oracle Key Vault supports the use of two network interfaces, referred to as dual NIC configuration.

In a dual NIC configuration, Oracle Key Vault combines the two network interfaces into a single logical interface using the Linux NIC bonding mechanism to provide redundancy at the network layer. The dual NIC configuration maintains the network availability of an Oracle Key Vault in case one of the interfaces becomes unavailable. Depending upon the dual NIC configuration mode, load balancing of the network traffic may also be achieved.

This type of configuration is particularly useful in large Oracle Key Vault deployments, where the need for operational continuity despite physical or software failures is higher. Configuring a dual NIC network interface helps to avoid the scenario where, for example, a network interface associated with an Oracle Key Vault server becomes unavailable, which can result in a loss of communication between the Oracle Key Vault nodes and between endpoints and the Oracle Key Vault server.

In previous releases, Oracle Key Vault supported only one network interface. When you install and configure Oracle Key Vault in this release, you have the option of using a single network interface (Classic mode) or using dual NIC mode.

LDAP User Authentication and Authorization in Oracle Key Vault

Starting with this release, you can configure authentication and authorization of Oracle Key Vault users to be centrally managed in a Microsoft Active Directory.

This feature benefits large deployment environments where enterprise users are centrally managed in a Microsoft Active Directory. Centrally managing users, as opposed to creating user accounts in different systems and applications, is not only easier and more efficient for administrators, it improves compliance, control, and security. You enable the Microsoft Active Directory users to authenticate with Oracle Key Vault through the use of their directory credentials. You manage the authorization of the directory users in Oracle Key Vault through mapping definitions between Microsoft Active Directory groups and Oracle Key Vault administrative roles or user groups. When a directory user successfully logs in to Oracle Key Vault for the first time, Oracle Key Vault automatically creates an Oracle Key Vault user account for this user.

RESTful Services Utility Command-Line Interface for Appliance Management

In Oracle Key Vault release 21.1, the RESTful services command-line interface has been expanded and redesigned to provide more functionality.

This redesign includes the following:

  • Structured and simplified command-line interface with the following format:
    okv category resource action configuration-options command-options
  • Profile support in configuration file to centrally administer multiple Oracle Key Vault endpoints.
  • JSON support for command input and output.
  • New commands to support system management tasks and monitoring of deployments, in addition to the enhancements for the current functionality for endpoints, wallets, and security objects.

In previous releases, the RESTful command-line interface covered only endpoint, wallet, and security object management commands. The addition of system management commands, which include commands for backup operations and server operations for standalone, multi-master, and primary-standby environments, benefits large deployments where the automation of these types of configuration is needed.

The previous RESTful services APIs are still supported.

Support for SFTP to Transfer External Backups

Oracle Key Vault now supports the use of SSH Secure File Transfer Protocol (SFTP) for the transfer of (scheduled) external backups to remote backup destinations.

SFTP enables the use of ZFS Storage Appliance as a backup destination. The use of Secure Copy Protocol (SCP) is also supported.

Development Using the Java SDK

This release introduces a new Java language software development kit that you can use to integrate custom endpoints with the Oracle Key Vault server.

The Java SDK enables developers to create their own custom endpoint integration solutions for Oracle Key Vault.

Development Using the C SDK

This release introduces a new C language software development kit that you can use to integrate custom endpoints with the Oracle Key Vault server.

The C SDK allows developers to create their own custom endpoint integration solutions for Oracle Key Vault.