3 Administration Commands
You can use the administration commands to manage client wallets and endpoints.
- Client Wallet Management Commands
You can use the client wallet management commands to manage client wallets that store user credentials. - Endpoint Management Commands
The endpoint management commands enable you to perform endpoint-related tasks such as creating or provisioning endpoints.
3.1 Client Wallet Management Commands
You can use the client wallet management commands to manage client wallets that store user credentials.
- okv admin client-wallet add Command
Theokv admin client-wallet add
command creates client walletsewallet.p12
andcwallet.sso
, if they do not exist, and adds the user's credentials into the client wallet. - okv admin client-wallet delete Command
Theokv admin client-wallet delete
command deletes a user's credentials from a client wallet. - okv admin client-wallet list Command
Theokv admin client-wallet list
command lists the users whose credentials are stored in the client wallet. - okv admin client-wallet update Command
Theokv admin client-wallet update
command updates the user's password in the client wallet.
Parent topic: Administration Commands
3.1.1 okv admin client-wallet add Command
The okv admin client-wallet add
command creates client wallets ewallet.p12
and cwallet.sso
, if they do not exist, and adds the user's credentials into the client wallet.
Required Authorization
None
Syntax
okv admin client-wallet add --client-wallet client_wallet_location --wallet-user user_name
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "add", "options" : { "clientWallet" : "#VALUE", "walletUser" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Location of the client wallet (that is, the directory where client wallet is created) |
|
Required |
User name |
JSON Example
- Generate JSON input for the
okv admin client-wallet add
command.okv admin client-wallet add --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "add", "options" : { "clientWallet" : "#VALUE", "walletUser" : "#VALUE" } } }
- Save the generated input to a file (for example,
client_wallet_add.json
) and then edit it so that you can specify the user whose password you want to add to the wallet and the client wallet location.{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "add", "options" : { "clientWallet" : "/home/oracle/okv_client_wallet", "walletUser" : "pfitch" } } }
- Execute the
okv admin client-wallet add
command using the generated JSON file.okv admin client-wallet add --from-json client_wallet_add.json
When prompted, enter the password for the user. After you enter the password, output similar to the following appears:
Password: password { "result" : "Success" }
Parent topic: Client Wallet Management Commands
3.1.2 okv admin client-wallet delete Command
The okv admin client-wallet delete
command deletes a user's credentials from a client wallet.
Required Authorization
Read-write permissions on the client wallet
Syntax
okv admin client-wallet delete client-wallet client_wallet_location --wallet-user wallet_user_name
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "delete", "options" : { "clientWallet" : "#VALUE", "walletUser" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Location of the client wallet (that is, the directory where client wallet is created) |
|
Required |
User name |
JSON Example
- Generate JSON input for the
okv admin client-wallet delete
command.okv admin client-wallet delete --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "delete", "options" : { "clientWallet" : "#VALUE", "walletUser" : "#VALUE" } } }
- Save the generated input to a file (for example,
client_wallet_delete.json
) and then edit it so that you can specify the name of the user to remove from the wallet and the client wallet location.{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "delete", "options" : { "clientWallet" : "/home/oracle/okv_client_wallet", "walletUser" : "pfitch" } } }
- Execute the
okv admin client-wallet delete
command using the generated JSON file.okv admin client-wallet delete --from-json client_wallet_delete.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Client Wallet Management Commands
3.1.3 okv admin client-wallet list Command
The okv admin client-wallet list
command lists the users whose credentials are stored in the client wallet.
Required Authorization
Read file permissions on the client wallet
Syntax
okv admin client-wallet list --client-wallet client_wallet_location
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "list", "options" : { "clientWallet" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Location of the client wallet (that is, the directory where client wallet is created) |
JSON Example
- Generate JSON input for the
okv admin client-wallet list
command.okv admin client-wallet list --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "list", "options" : { "clientWallet" : "#VALUE" } } }
- Save the generated input to a file (for example,
client_wallet_list.json
) and then modify it to include the client wallet location.{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "list", "options" : { "clientWallet" : "/home/oracle/okv_client_wallet" } } }
- Execute the
okv admin client-wallet list
command using the generated JSON file.okv admin client-wallet list --from-json client_wallet_list.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "walletUsers" : [ "psmith", "pfitch" ] } }
Parent topic: Client Wallet Management Commands
3.1.4 okv admin client-wallet update Command
The okv admin client-wallet update
command updates the user's password in the client wallet.
Required Authorization
Read-write file permissions on the wallet
Syntax
okv admin client-wallet update --client-wallet client_wallet_location --wallet-user user_name
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "update", "options" : { "clientWallet" : "#VALUE", "walletUser" : "#VALUE" } } }
Parameters
Parameter | Required? | Description |
---|---|---|
|
Required |
Location of the client wallet (that is, the directory where client wallet is created) |
|
Required |
User name |
JSON Example
- Generate JSON input for the
okv admin client-wallet update
command.okv admin client-wallet update --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "update", "options" : { "clientWallet" : "#VALUE", "walletUser" : "#VALUE" } } }
- Save the generated input to a file (for example,
client_wallet_update.json
) and then edit it so that you can specify the user whose password you want to update to the wallet and the client wallet location.{ "service" : { "category" : "admin", "resource" : "client-wallet", "action" : "update", "options" : { "clientWallet" : "/home/oracle/okv_client_wallet", "walletUser" : "pfitch" } } }
- Execute the
okv admin client-wallet update
command using the generated JSON file.okv admin client-wallet update --from-json client_wallet_update.json
When prompted, enter the password for the user. After you enter the password, output similar to the following appears:
Password: password { "result" : "Success" }
Related Topics
Parent topic: Client Wallet Management Commands
3.2 Endpoint Management Commands
The endpoint management commands enable you to perform endpoint-related tasks such as creating or provisioning endpoints.
- okv admin endpoint check-status Command
Theokv admin endpoint check-status
command displays the current state of an endpoint. The state will be eitherACTIVE
orPENDING
. - okv admin endpoint create Command
Theokv admin endpoint create
command adds a new endpoint to Oracle Key Vault. - okv admin endpoint delete Command
Theokv admin endpoint delete
command removes an endpoint from Oracle Key Vault. - okv admin endpoint download Command
Theokv admin endpoint download
command downloads the endpoint software (okvclient.jar
) to the specified directory. - okv admin endpoint get-enrollment-token Command
Theokv admin endpoint get-enrollment-token
command retrieves an enrollment token for a registered endpoint. - okv admin endpoint provision Command
Theokv admin endpoint provision
command downloads and installs the endpoint software in the specified directory. - okv admin endpoint re-enroll Command
Theokv admin endpoint re-enroll
command re-enrolls a previously enrolled endpoint. - okv admin endpoint re-enroll-all Command
Theokv admin endpoint re-enroll-all
command re-enrolls all previously enrolled endpoints. - okv admin endpoint update Command
Theokv admin endpoint update
command updates the settings of an endpoint.
Parent topic: Administration Commands
3.2.1 okv admin endpoint check-status Command
The okv admin endpoint check-status
command displays the current state of an endpoint. The state will be either ACTIVE
or PENDING
.
This command is meant primarily for multi-master cluster environments. However, it is still valid for other deployments and can be used to check the existence of an endpoint.
Required Authorization
System Administrator role or the Manage Endpoint object privilege for the endpoint
Syntax
okv admin endpoint check-status --endpoint endpoint_name|--locator-id UUID
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "check-status", "options" : { "endpoint" : "#VALUE", "locatorID" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
The name of the endpoint or the locator ID (universally unique ID (UUID)) of the endpoint that you want to check. The You must specify either the To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. To find the locator ID in the Oracle Key Vault management console, select the Cluster tab and then in the left navigation bar, select Conflict Resolution. In the Keys, Secrets & Objects table, check the Unique Identifier column. |
JSON Example
- Generate a JSON input template for the
okv admin endpoint check-status
command.okv admin endpoint check-status --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "check-status", "options" : { "endpoint" : "#VALUE", "locatorID" : "#VALUE" } } }
- Save the generated input to a file (for example,
check-status_ep.json
) and then edit it to so that you can check the endpoint. Specify either theendpoint
value or thelocatorID
value, but not both.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "check-status", "options" : { "locatorID" : "1AC9B321-6540-4F2B-809B-95FD7416999E" } } }
- Execute the
okv admin endpoint check-status
command using the generated JSON file.okv admin endpoint check-status --from-json check-status_ep.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "ACTIVE", "endpoint" : "HR_DB_EP" } }
The output includes the name of the endpoint if the endpoint object is in
ACTIVE
state. The endpoint name shown here may be different from what was specified at the endpoint creation time. If the endpoints with the same name are created on multiple cluster nodes, then Oracle Key Vault performs naming conflict resolution and it renames all but one endpoints by appending_OKVnode-id
to the endpoint name. For example, if you named the endpointHR_DB_EP
, and there is a naming conflict, then the name could beHR_DB_EP_OKV01
.On deployments other than multi-master cluster, this command returns
Success
if the endpoint exists and output does not include entries showing the endpoint name and its state.
Parent topic: Endpoint Management Commands
3.2.2 okv admin endpoint create Command
The okv admin endpoint create
command adds a new endpoint to Oracle Key Vault.
Required Authorization
System Administrator role or the Create Endpoint system privilege
After you add the endpoint, the endpoint will be in the Registered state.
Syntax
okv admin endpoint create --endpoint endpoint_name --description "description" --email email_address --platform platform --type type --subgroup "subgroup_value" --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "create", "options" : { "endpoint" : "#VALUE", "description" : "#VALUE", "email" : "#VALUE", "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS", "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER", "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
The name of the endpoint that you want to add. See Naming Guidelines for Objects. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
|
Optional |
A user friendly description of the endpoint. If the description contains spaces, you must enclose it within double quotation marks. |
|
Optional |
Email address of the endpoint administrator. Enclose this value in double quotation marks. |
|
Required |
The endpoint platform. Allowed values are:
|
|
Required |
Type of the endpoint. Allowed values are:
|
|
Optional |
For multi-master cluster environments, defines the affinity that an endpoint will have to a specific Oracle Key Vault cluster subgroup. Values are as follows:
|
|
Optional |
In a multi-master cluster environment, creates the endpoint as a unique endpoint. In a multi-master cluster, it is possible that an endpoint with the same name could be created from two different nodes. If that happens, then endpoint names may conflict. The Oracle Key Vault conflict resolution scheme will keep one endpoint with the given name and rename other endpoints with the conflicting names to a name using this format: Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv admin endpoint create
command.okv admin endpoint create --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "create", "options" : { "endpoint" : "#VALUE", "description" : "#VALUE", "email" : "#VALUE", "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS", "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER", "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
create_ep.json
) and then edit it so that you can create the endpoint.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "create", "options" : { "endpoint" : "hr_db_ep", "description" : "HR database endpoint", "email" : "pfitch@example.com", "platform" : "LINUX64", "type" : "ORACLE_DB", "subgroup" : "USE CREATOR SUBGROUP", "unique" : "FALSE" } } }
- Execute the
okv admin endpoint create
command using the generated JSON file.okv admin endpoint create --from-json create_ep.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "1AC9B321-6540-4F2B-809B-95FD7416999E" } }
You can use the
locatorID
from above output with theokv admin endpoint check-status
command to display the current state of the endpoint object. If the object status isACTIVE
, this command also displays the object name after the conflict-name resolution.
Parent topic: Endpoint Management Commands
3.2.3 okv admin endpoint delete Command
The okv admin endpoint delete
command removes an endpoint from Oracle Key Vault.
Required Authorization
System Administrator role or the Manage Endpoint object privilege for the endpoint
Syntax
okv admin endpoint delete --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "delete", "options" : { "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
JSON Example
- Generate JSON input for the
okv admin endpoint delete
command.okv admin endpoint delete --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "delete", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
delete_ep.json
) and then edit it so that you can delete the endpoint.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "delete", "options" : { "endpoint" : "sales_db_ep" } } }
- Execute the
okv admin endpoint delete
command using the generated JSON file.okv admin endpoint delete --from-json delete_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Endpoint Management Commands
3.2.4 okv admin endpoint download Command
The okv admin endpoint download
command downloads the endpoint software (okvclient.jar
) to the specified directory.
If you want to both download and then install the endpoint software, then use the okv admin endpoint provision
command.
Required Authorization
System Administrator role or the Manage Endpoint object privilege for the endpoint
Syntax
okv admin endpoint download --endpoint endpoint_name --location download_location
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "download", "options" : { "endpoint" : "#VALUE", "location" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
endpoint |
Required |
Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
|
Required |
Absolute path to the download directory for the endpoint software. For example, if you specify |
JSON Example
- Generate JSON input for the
okv admin endpoint download
command.okv admin endpoint download --generate-json-input
The genereated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "download", "options" : { "endpoint" : "#VALUE", "location" : "#VALUE" } } }
- Save the generated input to a file (for example,
download_ep.json
) and then edit it so that you can create the endpoint.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "download", "options" : { "endpoint" : "hr_db_ep", "location": "/opt/downloads/okv" } } }
- Execute the
okv admin endpoint download
command using the generated JSON file.okv admin endpoint download --from-json download_ep.json
A successful download of the
okvclient.jar
file displays the following output:{ "result" : "Success" }
Related Topics
Parent topic: Endpoint Management Commands
3.2.5 okv admin endpoint get-enrollment-token Command
The okv admin endpoint get-enrollment-token
command retrieves an enrollment token for a registered endpoint.
The enrollment token is a one-time token that is generated during the endpoint creation (registration). This token is then used to download the software and install the endpoint. The okv admin endpoint get-enrollment-token
is useful for the cases where the endpoint administrator (and not the Oracle Key Vault administrator) must download and provision the endpoint. These endpoint administrators, who generally are not Oracle Key Vault users, use the Oracle Key Vault management console to download the endpoint software by providing the token. The okv admin endpoint get-enrollment-token
command enables the Oracle Key Vault administrator to retrieve the token using the RESTful services utility, and then pass it securely to an endpoint administrator through an out-of-band channel (for example, email).
This command will work only for endpoints in the Registered state.
Required Authorization
System Administrator role or the Manage Endpoint object privilege for the endpoint
Syntax
okv admin endpoint get-enrollment-token --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "get-enrollment-token", "options" : { "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the registered endpoint. To find existing registered endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
JSON Example
- Generate JSON input for the
okv admin endpoint get-enrollment-token
command.okv admin endpoint get-enrollment-token --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "get-enrollment-token", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_token.json
) and then edit it so that you can get the enrollment token.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "get-enrollment-token", "options" : { "endpoint" : "hr_db_ep" } } }
- Execute the
okv admin endpoint get-enrollment-token
command using the generated JSON file.okv admin endpoint get-enrollment-token --from-json get_token.json
Output showing the enrollment token appears, similar to the following:
{ "result" : "Success", "value" : { "token" : "Si71duR2mGQ8naSZ" } }
Parent topic: Endpoint Management Commands
3.2.6 okv admin endpoint provision Command
The okv admin endpoint provision
command downloads and installs the endpoint software in the specified directory.
This directory should have read, write and execute permissions for the owner and its group. For example, if the Oracle Key Vault endpoint software is installed in an Oracle Database server, then this endpoint installation directory should have read, write, and execute permissions by the oracle
user and the oinstall
group. This ensures that processes can access directories appropriately at run time.
-
You must be a user with System Administrator role or the Manage Endpoint object privilege for the endpoint.
-
You must ensure that the soft link
/usr/bin/java
points to$ORACLE_HOME/jdk/jre/bin/java
. -
You must know how the installation process determines the location of the
okvclient.ora
file.
If you only want to download the endpoint software but not install it, then use the okv admin endpoint download
command.
Required Authorization
System Administrator role or the Manage Endpoint object privilege for the endpoint
Syntax
okv admin endpoint provision --endpoint endpoint_name --location software_location --auto-login TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "provision", "options" : { "endpoint" : "#VALUE", "location" : "#VALUE", "autoLogin" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
|
Required |
Path to the location where to install the endpoint software. For Transparent Data Encryption (TDE) environments, specify |
|
Optional |
Enter one of the following values:
|
JSON Example
- Generate JSON input for the
okv admin endpoint provision
command.okv admin endpoint provision --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "provision", "options" : { "endpoint" : "#VALUE", "location" : "#VALUE", "autoLogin" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
provision_ep.json
) and then edit it so that you can download and install the endpoint software.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "provision", "options" : { "endpoint" : "hr_db_ep", "location" : "/u01/opt/oracle/product/okv", "autoLogin" : "TRUE" } } }
- Execute the
okv admin endpoint provision
command using the generated JSON file.okv admin endpoint provision --from-json provision_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Related Topics
Parent topic: Endpoint Management Commands
3.2.7 okv admin endpoint re-enroll Command
The okv admin endpoint re-enroll
command re-enrolls a previously enrolled endpoint.
Required Authorization
System Administrator role or the Manage Endpoint object privilege for the endpoint
Syntax
okv admin endpoint re-enroll --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "re-enroll", "options" : { "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
JSON Example
- Generate JSON input for the
okv admin endpoint re-enroll
command.okv admin endpoint re-enroll --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "re-enroll", "options" : { "endpoint" : "#VALUE" } } }
- Save the generate input to a file (for example,
re-enroll_ep.json
) and then edit it so that you can re-enroll the endpoint.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "re-enroll", "options" : { "endpoint" : "hr_db_ep" } } }
- Execute the
okv admin endpoint re-enroll
command using the generated JSON file.okv admin endpoint re-enroll --from-json re-enroll_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Endpoint Management Commands
3.2.8 okv admin endpoint re-enroll-all Command
The okv admin endpoint re-enroll-all
command re-enrolls all previously enrolled endpoints.
Required Authorization
System Administrator role
Syntax
okv admin endpoint re-enroll-all
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "re-enroll-all" } }
Parameters
None
JSON Example
- Generate JSON input for the
okv admin endpoint re-enroll-all
command.okv admin endpoint re-enroll-all --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "re-enroll-all" } }
- Save the generate input to a file (for example,
re-enroll-all_ep.json
). - Execute the
okv admin endpoint re-enroll-all
command using the generated JSON file.okv admin endpoint re-enroll-all --from-json re-enroll-all_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Endpoint Management Commands
3.2.9 okv admin endpoint update Command
The okv admin endpoint update
command updates the settings of an endpoint.
Required Authorization
System Administrator role or the Manage Endpoint object privilege for the endpoint
Syntax
okv admin endpoint update --endpoint endpoint_name --description "description" --email email_address --platform platform --type type --subgroup "subgroup_value" --unique TRUE|FALSE --name new_endpoint_name
JSON Input File Template
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "update", "options" : { "endpoint" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "email" : "#VALUE", "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS", "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER", "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint that you want to update. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
|
Optional |
A user-friendly description of the endpoint. If the description contains spaces, you must enclose it within double quotation marks. |
|
Optional |
Email address of the endpoint administrator. Enclose this value in double quotation marks. |
|
Optional |
The endpoint platform. Allowed values are:
|
|
Optional |
Type of the endpoint. Allowed values are:
|
|
Optional |
For multi-master cluster environments, defines the affinity that an endpoint will have to a specific Oracle Key Vault cluster subgroup. Values are as follows:
|
|
Optional |
In a multi-master cluster environment, creates the endpoint as a unique endpoint. In a multi-master cluster, it is possible that an endpoint with the same name could be created from two different nodes. If that happens, then endpoint names may conflict. The Oracle Key Vault conflict resolution scheme will keep one endpoint with the given name and rename other endpoints with the conflicting names to a name using this format: Valid settings are as follows:
|
|
Optional |
A new name for the endpoint. See Naming Guidelines for Objects. |
JSON Example
- Generate JSON input for the
okv admin endpoint update
command.okv admin endpoint update --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "update", "options" : { "endpoint" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "email" : "#VALUE", "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS", "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER", "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
update_ep.json
) and then edit it so that you can update the endpoint.{ "service" : { "category" : "admin", "resource" : "endpoint", "action" : "update", "options" : { "endpoint" : "hr_db_ep", "name" : "HR_DB" } } }
- Execute the
okv admin endpoint update
command using the generated JSON file.okv admin endpoint update --from-json update_ep.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "C27E950A-0DF3-402E-BB40-4903FC936C85" } }
This example shows the output for renaming an endpoint in a multi-master cluster. On renaming, an endpoint is placed into the
PENDING
state for the duration of the naming conflict resolution.Unless you renamed the endpoint in a multi-master cluster, the
status
andlocatorID
entries are not included in the output.
Parent topic: Endpoint Management Commands