Index

A  B  C  D  E  F  G  I  J  K  L  M  N  O  P  R  S  T  U  V  W  

---

A

• about managing 8.5.1
• access control
  • access grants for virtual wallets 2.3.2
  • how configuration works 2.3.1
• access control options 2.3.3
• access grants 2.3.2
• adding user to user group 8.5.4
• administration users
  • multi-masters clusters effect on 8.1.2.4
• administrative roles
  • about 2.4.2.1
  • about managing 8.2.1
  • Audit Manager
    • about 2.4.2.4
  • granting or changing 8.2.2
  • Key Administrator
    • about 2.4.2.3
  • revoking 8.2.8
  • separation of duty 2.4.1
  • System Administrator
    • about 2.4.2.2
• alerts 1.5.3
  • about 19.2.1
  • configuring 19.2.2
  • types of 19.2.1
  • viewing open alerts 19.2.3
• architecture 3.3
• archiving
  • credential files 15.1.1
• auditing
  • about 19.3.1
  • audit trail contents 19.3.2
  • deleting audit records 19.3.5
  • exporting audit records to file 19.3.5
  • setting for cluster 16.3.3.6
  • setting for node 16.3.2.8
  • syslog file 19.3.3
  • viewing audit records 19.3.4
• Audit Manager
  • about 2.4.2.4
• Audit Manager role
  • multi-master cluster effect on 8.1.2.3
• audit trail contents 19.3.2
• Automatic Storage Management
  • uploading keystores
    • about 14.4.1
    • copying keystore to 14.4.3
    • procedure 14.4.2

---

B

• backing up data
  • about 18.1
  • best practices 18.6
  • chanding schedule 18.4.2
  • deleting schedule 18.4.3
  • multi-master cluster environment 18.4.5
  • primary-standby deployment 18.4.4
  • recovery passphrase 18.4.6
  • scheduling backup 18.4.1
• backup destinations
  • about 18.2.1
  • changing settings 18.2.3
  • creating remote 18.2.2
  • deleting remote 18.2.4
• backups
  • console certificates 17.2.5
  • protecting with recovery passphrase 18.4.6
  • reports 19.4.7
  • types 18.3.2
• backup scheduling 18.4
  • about 18.3.1
  • types 18.3.2
• benefits
  • centralizing key lifecyle management 1.2
  • centralizing key storage 1.2
  • fighting security threats 1.2

---

C

• candidate nodes 3.4.3.3
• centralized storage
  • Java keystores 1.3.1
  • Oracle wallet files 1.3.1
• centralized storage and management of security objects 1.5.1
• centrally managed passwords 15.4.2
• certifcates
  • rotating, about 17.1.1
  • rotating, procedure 17.1.4
  • rotation, checking overall status 17.1.5
  • rotation, checking status for endpoints 17.1.6
• certificates
  • See: console certificates
  • post-rotation tasks 17.1.7
  • rotating, advice 17.1.2
  • rotating, factors that may affect process 17.1.3
• changepwd command (okvutil) B.3
• changing a user group description 8.5.7
• Classic mode network interface
  • checking status of 16.2.1
• cluster nodes
  • about 3.3.1
  • limitation 3.3.2
• cluster node types
  • about 3.3.7
• clusters
  • creating first node 4.2.2
  • deleting a node 4.6
  • disabling a node 4.4
  • disabling node replication 4.8.2
  • enabling a node 4.5
  • enabling node replication 4.8.3
  • force deleting a node 4.7
  • management information 3.7, 4.9
  • monitoring information 4.10
  • read-only, creating 4.2.3.2
  • read-write pair of nodes, creating 4.2.3.1
  • read-write pairs of nodes, creating 4.2.3.3
  • restarting cluster services 4.8.1
  • setting up, about 4.2.1
  • terminating node pairing 4.3
• cluster size and availability guidance 3.5.1
• cluster subgroups
  • about 3.3.3
• Commercial National Security Algorithm (CNSA)
  • about 16.6.1
  • backup and restore operations 16.6.3
  • running scripts 16.6.2
  • upgrading primary-standby Oracle Key Vault servers 16.6.5
  • upgrading standalone Oracle Key Vault server 16.6.4
• configuration files
  • endpoint configuration file 13.6
• configuration parameters
  • endpoints 12.3.3.1
  • setting for individual endpoints 12.3.4
  • setting globally for individual endpoints 12.3.3.2
• configuring a primary-standby deployment 5.1.1
• conflicts in names of objects 4.11.1
• console certificates
  • about managing 17.2.1
  • backup data restored 17.2.5
  • downloading CA request 17.2.2
  • having signed 17.2.3
  • primary-standby environments 17.2.5
  • RESTful services 17.2.5
  • uploading 17.2.4
• controller nodes
  • about 3.4.3.2
• Create Endpoint Group privilege
  • endpoint privileges
    • separation of duty 2.4.1
  • granting or changing 8.2.5
  • separation of duty 2.4.1
• Create Endpoint privilege
  • about 2.4.3.2
  • granting or changing 8.2.3
  • separation of duty 2.4.1
• creating a user group 8.5.3
• creating user accounts 8.1.3
• credential files
  • about archiving and downloading 15.1.1
  • change to content guidance 15.1.4
  • downloading
    • guidance 15.1.4
    • procedure 15.1.3
  • overwriting danger of 15.1.4
  • sharing with multiple endpoints guidance 15.1.4
  • uploading
    • guidance 15.1.4
    • procedure 15.1.2
• credentials
  • guidance for SQL*Plus 15.2
  • guidance for SSH 15.3
• critical data 3.3.4
• C SDK 1.6.4

---

D

• dashboard
  • status panes 16.1.3
  • viewing 16.1.2
• data
  • backing up, about 18.1
  • restoring, about 18.1
• Database as a Service
  • about configuring for Key Vault 7.2.1
  • configuring instance 7.2.2
  • creating low privileged user 7.2.3
  • deleting SSH tunnel 7.3.7
  • disabling SSH tunnel 7.3.5
  • enrolling instance as endpoint
    • about 7.4.1
    • installing Oracle Key Vault software onto 7.4.4
    • post-installation tasks 7.4.5
    • preparing environment 7.4.3
    • registering 7.4.2
  • resuming access to Oracle Key Vault 7.7
  • reverse SSH tunnel in multi-master cluster 7.3.2
  • reverse SSH tunnel in primary-standby configuration 7.3.3
  • SSH tunnel between Oracle Key Vault and DBaas instance 7.3.1
  • SSH tunnel not active 7.3.6
  • suspending access to Oracle Key Vault
    • about 7.5.1
    • procedure 7.5.2
  • users
    • low privileged user for DBaaS 7.2.3
  • viewing SSH tunnel details 7.3.4
• deleting user accounts 8.1.5
• deleting user groups 8.5.9
• deployment
  • architecture 2.2
  • overview 1.7
• deployments
  • credential files, archiving and downloading 15.1.1
  • Java keystores, uploading and downloading 11.4.1
  • JKS and JCEKS keystores, archiving and downloading 11.5.1
  • migrating standalone Key Vault server to multi-master cluster 3.4.4.1
  • online master keys for TDE wallets 1.3.2
  • Oracle wallets, uploading and downloading 11.4.1
  • primary-standby to multi-master cluster 3.4.4.2
  • recommendations for 4.12
• deployment scenarios
  • cluster size and availability 3.5.1
  • mid-size cluster 3.5.3
  • two data centers 3.5.3
  • two nodes 3.5.2
• diagnostic reports
  • about 19.1.4.1
  • generating file 19.1.4.3
  • installing generation utility 19.1.4.2
  • removing diagnostic generation utility 19.1.4.5
  • removing temp files 19.1.4.4
• diagnostics
  • accessing with okvutil diagnostics B.4
• diagnostics generation utility
  • transaction check error C.8
• DNS
  • configuring NTP servers for non-multi-master clusters 16.2.3
  • nodes 16.3.2.3
• DNS settings
  • multi-master clusters 16.3.3.2
• download command (okvutil) B.5
• downloading
  • credential files 15.1.3
  • JKS and JCEKS keystores 11.5.1, 11.5.3
  • wallets 11.4.3
• downtime, minimizing 16.7
• Dual NIC mode network interface
  • checking status of 16.2.1
• dual NIC network mode
  • changing for nodes 16.3.2.7
  • changing for standalone environment 16.2.7

---

E

• effective group membership, LDAP users 9.1
• email addresses
  • changing 8.4.1
  • disabling email notifications 8.4.2
• email notification
  • about 19.1.2.1
  • configuring 19.1.2.2
  • disabling 19.1.2.4
  • testing 19.1.2.3
• emergency system recovery 2.6
• endpoint administrators
  • about 2.8
• endpoint groups
  • access grant to virtual wallet 12.6.4
  • adding endpoint too 12.6.5
  • creating 12.6.2
  • deleting 12.6.7
  • modifying details 12.6.3
  • modifying virtual wallets from Keys & Wallets tab 10.2.3
  • multi-master clusters, effect on 12.6.1
  • naming guidelines 2.5
  • removing access to virtual wallets from Keys & Wallets tab 10.2.2
  • removing endpoint 12.6.6
• endpoint node scan lists
  • about 3.6.3
• endpoint privileges
  • about managing 8.2.1
• endpoints 12.6.2
  • See also: endpoint groups
  • about 12.2.5.1
  • about managing 12.1.1
  • adding access to virtual wallet 12.5.1
  • adding to an endpoint group 12.6.5
  • adding using administrator-initiated enrollment 12.2.3
  • adding using self-enrollment 12.2.4
  • adding using self-enrollment, about 12.2.4.1
  • adding using self-enrollment, procedure for 12.2.4.2
  • administrators for 12.1.1
  • alternative for individual 12.2.5.3
  • associating default wallet with 12.4.1
  • configuration file 13.6
  • configuration parameters, about 12.3.3.1
  • DBaaS
    • enrolling 7.4.1
    • registering 7.4.1
  • default wallet, setting for 12.4.2
  • deleting 12.2.5.1, 12.2.5.2, 12.2.5.3
  • details
    • about 12.3.1
    • configuration parameters, about 12.3.3.1
    • modifying 12.3.2
  • diagnostics B.4
  • downloading software 13.2.1
  • endpoint node scan lists 3.6.3
  • enrolling and provisioning 13.2.1
  • enrollment
    • about 13.1
    • administrator initiated, about 12.2.1
    • types of enrollment 12.2.1
  • enrollment in multi-master cluster 12.2.2
  • enrollment process
    • about 13.1
  • enrollment types 12.2.1
  • guidance on enrolling across deployments 3.5.3
  • installing software for new enrollment 13.2.3
  • Java home, how determined 13.3.1
  • limitiations of TDE endpoint integration 11.2.2
  • modifying virtual wallets from Keys & Wallets tab 10.2.3
  • multi-master clusters, effect on 12.1.2
  • naming guidelines 2.5
  • nodes available for connection 3.6.3
  • not using Oracle Key Vault client software 13.4
  • okvclient.ora file 13.6
  • okvutil utility for provisioning B.1
  • one or more endpoints 12.2.5.2
  • Oracle Cloud Infrastructure database instance
    • about 7.1
  • password, changing B.3
  • post-installation for new enrollment 13.2.4
  • preparing environment for new enrollment 13.2.2
  • privileges for managing 2.4.3.1
  • provisioning
    • about 13.1
  • reenrolling 12.2.5.5
  • removing access to virtual wallets from Keys & Wallets tab 10.2.2
  • removing from an endpoint group 12.6.6
  • reports 19.4.5
  • revoking access to virtual wallet 12.5.2
  • setting configuration parameters globally 12.3.3.2
  • setting configuration parameters individually 12.3.4
  • suspending 12.2.5.4
  • TDE endpoint management 13.5
  • upgrading for enrolled 13.7.2
  • upgrading for unenrolled
    • downloading Oracle Key Vault okvclient.jar software 13.7.1.2
    • installing Oracle Key Vault okvclient.jar software 13.7.1.3
    • post-installation tasks 13.7.1.4
    • preparing environment 13.7.1.1
  • upgrading from unenrolled endpoint 13.7.1
  • wallet items, viewing 12.5.3
• endpoint self-enrollment, about 12.2.1
• enrolling endpoints
  • about 13.1
  • administrator initiated
    • about 12.2.1
  • self-initiated
    • about 12.2.1
• environment variables
  • JAVA_HOME, how determined during client installation 13.3.1
  • OKV_HOME
    • non-database utilities 13.3.3
    • set during installation 13.3.2
  • okvclient.ora location of 13.3.2
  • persistent master encryption key cache 11.1.4
  • sqlnet.ora file 13.3.4
• Error
  • Object is Unstorable in Container error B.5
• EXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 11.1.7.6
• external keystore password uploads
  • about 15.4.1
• external keystore password uploads to large deployments 15.4.2
  • changing passwords 15.4.5
  • example script for using passwords 15.4.3
  • sharing secrets 15.4.4

---

F

• failovers
  • restoring primary-standby after 5.4
• failover situations
  • read-only restricted mode C.13.1
• FIPS 140–2 2.9
• FIPS-Inside
  • See: FIPS mode
• FIPS mode 2.9
  • disabling 16.3.2.5
  • disabling for non-multi-master clusters 16.2.5
  • enabling 16.3.2.5
  • enabling for non-multi-master clusters 16.2.5

---

G

• granting access to objects or users 2.3.2

---

I

• initial node
  • creating 4.2.2
  • creation of 3.4.2
• interfaces 1.6
  • C client 1.6.4
  • Java client 1.6.4
  • management console 1.6.1
  • okvutil endpoint utility 1.6.2
  • RESTful services 1.6.3

---

J

• JAVA_HOME environment variable
  • how determined during client installation 13.3.1
  • location determined during installation 13.3.1
• Java keystores
  • downloading B.5
  • uploading B.7
• Java SDK 1.6.4
• JKS and JCEKS keystores
  • downloading
    • JKS and JCEKS keystores 11.5.1
    • procedure 11.5.3
  • uploading
    • procedure 11.5.2
• JKS and JCKS keystores
  • change to content guidance 11.5.4
  • downloading
    • guidance 11.5.4
  • overwriting danger of 11.5.4
  • sharing with multiple endpoints guidance 11.5.4
  • uploading
    • guidance 11.5.4

---

K

• Kerberos keytabs
  • downloading B.5
• Key Administrator role
  • about 2.4.2.3
  • multi-master cluster effect on 8.1.2.2
• key lifecycle management 1.5.2
• key management reports for Oracle endpoints 19.4.2
• key rotation 1.3.2
• keys
  • activating 10.4.3
  • deactivating 10.4.4
  • deleting 10.4.6
  • finding for Key Vault B.6
  • multi-master clusters, effect on 10.4.2
  • reports 19.4.3
  • revoking 10.4.5
  • state of, managing 10.4.1
• keystores
  • Automatic Storage Management
    • about uploading from 14.4.1
    • copying keystore to 14.4.3
    • procedure for uploading from 14.4.2
• KMIP Protocol 1.5.8

---

L

• LDAP configuration
  • about 9.1
  • about logging in as LDAP user 9.4.1
  • creating the provider connection 9.3.2
  • deleting 9.5.5
  • disabling 9.5.4
  • enabling 9.5.1
  • LDAP directory server preparation tasks 9.3.1
  • logging in as LDAP user 9.4.2
  • mapping LDAP groups to Oracle Key Vault user groups 9.3.3
  • modifying 9.5.2
  • privilege grants for LDAP users 9.2
  • testing 9.5.3
• LDAP groups
  • about 9.6.1
  • creating group mappings 9.6.2
  • deleting mapping 9.6.5
  • modifying group mappings 9.6.3
  • validating group mappings 9.6.4
• LDAP users
  • about 9.7.1
  • about validation 9.7.3.1
  • effective group membership 9.1
  • finding information about 9.7.2
  • modifying, about 9.7.4.1
  • modifying by regular users who have manage wallet privileges 9.7.4.3
  • modifying using Key Administrator role 9.7.4.2
  • removing from Oracle Key Vault 9.7.5
  • validating 9.7.3.2
• list command (okvutil) B.6
• local backup destinations
  • about 18.2.1
• log file locations C.1
• logging in
  • as LDAP user 9.4.2
  • as LDAP user, about 9.4.1

---

M

• Manage Endpoint Group privilege
  • about 2.4.3.4, 2.4.3.5
  • endpoint privileges
    • separation of duty 2.4.1
  • granting or changing 8.2.6
  • revoking 8.2.8
  • separation of duty 2.4.1
• Manage Endpoint privilege
  • about 2.4.3.3
  • granting or changing 8.2.4
  • revoking 8.2.8
  • separation of duty 2.4.1
• management console
  • about 1.6, 1.6.1
• Management Information Base (MIB) variables 19.1.1.6
• master encryption keys
  • See: persistent master encryption key cache
  • persistent master encryption key cache 1.5.5, 11.1.3
  • TDE,
    • See: persistent master encryption key cache
  • user-defined key as 11.6.1
• maximum disable node duration
  • multi-master clusters 16.3.3.3
• Microsoft Active Directory
  • See: LDAP configuration
• migration
  • directory permissions C.2
• monitoring
  • diagnostic reports 19.1.4.1
  • email notification 19.1.2.1
  • remote monitoring 19.1.1.1
  • reports 19.4.1
  • SNMP 19.1.1.1
  • syslog configuration 19.1.3
• monitoring information for clusters 4.10
• multi-master cluster configuration
  • Oracle Audit Vault integration 19.3.6.6
• multi-master clusters 3.3
  • about managing 4.1
  • addition of new server to cluster 3.4.3.3
  • addition of nodes 3.4.3.4
  • administration users, effect on 8.1.2.4
  • auditing for cluster
    • setting 16.3.3.6
  • auditing for individual nodes
    • setting 16.3.2.8
  • Audit Manager role, affect on 8.1.2.3
  • backup and restore operations 18.1
  • benefits 3.2
  • building and managing, about 3.4.1
  • candidate node 3.4.3.3
  • changing recovery passphrase 16.4.4
  • cluster node 3.3.1
  • cluster subgroups 3.3.3
  • controller node 3.4.3.2
  • critical data 3.3.4
  • difference from primary-standby configuration 5.1.3
  • DNS for individual nodes
    • configuring 16.3.2.3
  • DNS settings 16.3.3.2
  • downtime, minimizing 16.7
  • effect on role management 8.2.1
  • endpoint enrollment 12.2.2
  • endpoint groups, effect on 12.6.1
  • endpoints 12.2.2
  • endpoints, effect on 12.1.2
  • expansion of
    • about 3.4.3.1
    • addition of more nodes 3.4.3.4
    • controller node 3.4.3.2
  • FIPS mode for individual nodes, setting 16.3.2.5
  • host name network setting for individual nodes 16.3.2.1
  • inconsistency resolution 3.6.1
  • initial node 3.4.2
  • Key Administrator role, effect on 8.1.2.2
  • keys, effect on 10.4.2
  • maximum disable node duration 16.3.3.3
  • mid-size cluster 3.5.3
  • migrating standalone Key Vault server to 3.4.4.1
  • mode types 3.3.7
  • multi-master clusters
    • expansion of
      • candidate nodes 3.4.3.3
  • name conflict resolution 3.6.2
  • network services for individual nodes 16.3.2.2
  • node limitations 3.3.2
  • operations permitted on modes 3.3.8
  • Oracle Key Vault management console, setting timeout 16.3.3.8
  • overview 3.1
  • primary-standby to multi-master cluster 3.4.4.2
  • read-only mode 3.3.7
  • read-only node 3.3.6
  • read-only restricted mode 3.3.7
  • read-write mode 3.3.7
  • read-write node 3.3.5
  • reconfiguration changes 3.4.3.2
  • RESTful services enablement 16.3.3.5
  • restore operations 18.5.3
  • reverse SSH tunnels 7.3.2
  • security objects, effect on 10.4.2
  • size and availability 3.5.1
  • SNMP settings 16.3.3.7
  • SNMP settings for individual node 16.3.2.9
  • syslog destination
    • clearing 19.1.3.2
    • setting 19.1.3.1
  • syslog settings 16.3.3.4
  • syslog settings, node 16.3.2.6
  • System Administrator role, effect on 8.1.2.1
  • system settings 16.3.1
  • system settings for individual nodes 16.3.2
  • system time for cluster
    • setting 16.3.3.1
  • system time for individual nodes
    • setting 16.3.2.4
  • system users, effect on 8.1.2.5
  • two data centers 3.5.3
  • two nodes 3.5.2
  • user accounts, effect on 8.1.2
  • user groups, changing description 8.5.7
  • user groups, creating in 8.5.3
  • user groups, deleting 8.5.9
  • user groups, effect on 8.5.2
  • user groups, removing users from 8.5.8
  • user groups, renaming 8.5.6
  • users, effect on 8.1.2.4
  • virtual wallet user access to 8.2.7
• MySQL integration with Oracle Key Vault 14.5

---

N

• naming conflicts
  • about 4.11.1
  • accepting suggested name 4.11.4
  • changing suggested name 4.11.3
  • finding 4.11.2
• network details
  • configuring for non-multi-master clusters 16.2.1
• network interface
  • checking status of 16.2.1
• network services
  • configuring for non-multi-master clusters 16.2.2
• nodes
  • creating first node 4.2.2
  • deleting 4.6
  • disabling 4.4
  • disabling replication 4.8.2
  • enabling 4.5
  • enabling replication 4.8.3
  • force deleting 4.7
  • restarting cluster services for 4.8.1
  • terminating pairing of 4.3
• NTP servers
  • configuring DNS for non-multi-master clusters 16.2.3

---

O

• OASIS Key Management Interoperability Protocol (KMIP)
  • Oracle Key Vault implementation of 1.5.8
• objects
  • naming guidelines 2.5
• OKV_HOME environment variable
  • non-database utilities 13.3.3
• okvclient.jar
  • downloading for installation on endpoint 13.2.1
• okvclient.ora file
  • about 13.6
• okvutil utility
  • about 1.6, 1.6.2
  • changepwd command B.3
  • diagnostics command B.4
  • download command B.5
  • list command B.6
  • syntax B.2
  • upload command B.7
  • used to manage endpoints B.1
• online master keys
  • about using with Oracle Key Vault 1.3.2
  • centralized management of TDE keys 1.3.2
  • Oracle Data Guard connection 14.3.3
  • Oracle GoldenGate 14.2.2
• operations, restrictions and conditions of A
• options for access control 2.3.3
• Oracle Active Data Guard
  • support for data moves 14.6
• Oracle Audit Vault
  • checking monitoring for multi-master cluster node 16.3.2.10
  • checking monitoring for non-multi-master clusters 16.2.9
• Oracle Audit Vault integration
  • checking environment 19.3.6.1.1
  • deleting integration 19.3.6.5
  • integration steps 19.3.6.1.2
  • multi-master cluster integration 19.3.6.6
  • primary-standby integration 19.3.6.6
  • resuming monitoring operation 19.3.6.4
  • suspending monitoring operation 19.3.6.3
  • viewing collected audit data 19.3.6.2
• Oracle Cloud Infrastructure database instance endpoints
  • about 7.1
• Oracle Data Guard
  • migrating Oracle wallets 14.3.4
  • online master keys connection 14.3.3
  • reverse migrating wallets 14.3.5
  • uploading wallets to Oracle Key Vault 14.3.1
• Oracle Data Pump support for data moves 14.6
• Oracle GoldenGate
  • online master keys with
    • about 14.2.2
  • TDE wallet migration
    • about 14.2.3
  • wallets used with 14.2.1
• Oracle Key Vault
  • administering cluster environments 16.3
  • benefits 1.2
  • deployment architecture 2.2
  • deployment overview 1.7
  • key management, about 1.1
  • standards and protocols 1.5.8
  • who should use 1.4
• Oracle Key Vault client
  • C SDK 1.6.4
  • Java SDK 1.6.4
• Oracle Key Vault client software
  • endpoints not using 13.4
• Oracle Key Vault compute instance
  • about 6.1
  • about provisioning 6.3.1
  • benefits 6.2
  • finding image 6.3.2.3
  • launching, about 6.3.2.1
  • launching process 6.3.2.4
  • migrating data out of compute instance 6.5.3
  • migrations, about 6.5.1
  • post-installation tasks 6.3.2.5
  • post-launch tasks 6.3.2.5
  • prerequisites 6.3.2.2
  • restarting 6.4.1
  • starting 6.4.1
  • stopping 6.4.1
  • system settings 6.4.2
  • terminating 6.4.4
  • transitioning data into a compute instance 6.5.2
• Oracle Key Vault compute instances
  • backup operations 6.4.3
  • restore operations 6.4.3
• Oracle Key Vault concepts 2.1
• Oracle Key Vault endpoint utility
  • See: okvutil utility
  • about 1.6, 1.6.2
• Oracle Key Vault features
  • ASM cluster file system encryption key management 1.5.12
  • audit and monitoring services, external support for 1.5.10
  • backup and restore support for security objects 1.5.6
  • centralized storage and management of security objects 1.5.1, 1.5.8
  • database release and platform support 1.5.9
  • DBaaS endpoint support 1.5.13
  • HSM integration 1.5.14
  • key lifecycle management 1.5.2
  • MySQL integration 1.5.11
  • persistent master encryption key cache 1.5.5
  • primary-standby environment support 1.5.15, 16.5
  • reporting and alerts 1.5.3
  • RESTful service support 1.5.7
  • separation of duties 1.5.4
• Oracle Key Vault general system administration
  • about 16.1.1
• Oracle Key Vault interfaces 1.6, 1.6.2
  • management console 1.6.1
  • RESTful services 1.6.3
• Oracle Key Vault keys
  • finding B.6
• Oracle Key Vault maintenance
  • dashboard 16.1.2
  • system settings 16.3.2
• Oracle Key Vault management console
  • about 1.6
  • timeout for multi-master cluster nodes 16.3.3.8
  • timeout for Web sessions for non-multi-master clusters 16.2.10
• Oracle Key Vault Multi-Master Cluster A
• Oracle Key Vault state
  • viewing 16.1.2
• Oracle Key Vault use cases 1.3
• Oracle Real Application Clusters
  • support for data moves 14.6
  • wallets 14.1
• Oracle Recovery Manager (RMAN) support for data moves 14.6
• Oracle wallets
  • downloading
    • about 11.4.1
  • uploading
    • about 11.4.1

---

P

• passphrases 16.4.1
  • See also: passwords
  • changing in clusters environment 16.4.4
  • changing in non-clusters environment 16.4.3
  • recovering credentials 16.4.2
  • recovering system 16.4.1
• passwords 16.4.1
  • See also: passphrases
  • about changing 8.3.1, 8.3.3
  • centrally managed 15.4.2
  • changing endpoint password B.3
  • changing password automatically 8.3.3.2
  • changing password manually 8.3.3.1
  • changing support user 8.3.3.3
  • changing your own 8.3.2
  • controlling manual password reset operations, about 8.3.4.1
  • controlling manual password reset operations, configuration 8.3.4.2
• persistent master encryption key cache
  • about 11.1.1
  • architecture 11.1.2
  • caching master encryption keys in-memory 11.1.3
  • contents of, listing 11.1.8
  • environment variables, importance of setting 11.1.4
  • modes of operation
    • first mode 11.1.5.2
    • Oracle Key Vault first mode 11.1.5.1
  • Oracle Database deployments 11.1.9
  • PEXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 11.1.7.6
  • PKCS11_CACHE_TIMEOUT parameter 11.1.7.1
  • PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 11.1.7.4
  • PKCS11_PERSISTENT_CACHE_FIRST parameter 11.1.7.3
  • PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 11.1.7.5
  • PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 11.1.7.2
  • refresh window 11.1.6
  • storage location 11.1.4
• PKCS11_CACHE_TIMEOUT parameter 11.1.7.1
• PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 11.1.7.4
• PKCS11_PERSISTENT_CACHE_FIRST parameter 11.1.7.3
• PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 11.1.7.5
• PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 11.1.7.2
• powering off Oracle Key Vault for non-multi-master clusters 16.2.11
• powering off Oracle Key Vault nodes 16.3.2.11
• primary servers
  • role in primary-standby configuration 5.1.4
• primary-standby
  • restore operations 18.5.4
• primary-standby configuration
  • about 5.1.1
  • benefits 5.1.2
  • best practices 5.7
  • changing SNMP settings on standby server 19.1.1.4
  • checking TDE wallet migration for logical standby 14.3.7
  • configuring primary server 5.2.1
  • configuring standby server 5.2.2
  • difference from multi-master clusters 5.1.3
  • disabling 5.5
  • downtime, minimizing 16.7
  • enabling primary-standby on primary 5.2.3
  • migrating TDE wallets to Oracle Key Vault for standby 14.3.6
  • Oracle Audit Vault integration 19.3.6.6
  • persistent master encryption key cache
    • downtime, minimizing 16.7
  • primary server
    • configuring 5.2.1
    • enabling for primary-standby 5.2.3
  • primary server role 5.1.4
  • read-only restricted mode
    • downtime, minimizing 16.7
  • read-only restricted mode, disabling 5.6.6
  • read-only restricted mode, enabling 5.6.5
  • read-only restricted mode, recovering from 5.6.7
  • read-only restricted mode disabled 5.6.3
  • read-only restricted mode enabled 5.6.2
  • read-only restricted mode impact 5.6.1
  • read-only restricted mode state during network failure 5.6.4.4
  • read-only restricted mode state during primary server failure 5.6.4.2
  • read-only restricted mode state during standby server failure 5.6.4.3
  • read-only restricted mode states 5.6.4.1
  • restoring primary-standby after 5.4
  • reverse SSH tunnels 7.3.3
  • standby server
    • configuring 5.2.2
  • standby server role 5.1.5
  • switching servers 5.3
  • unpairing 5.5
• primary-standby environments
  • console certificates 17.2.5
• primary-standby server
  • moving to multi-master cluster 3.4.4.2
• privileges 2.3.1
  • See also: access control
  • access control options 2.3.3
  • access grants for virtual wallets 2.3.2

---

R

• read-only mode
  • about 3.3.7
• read-only nodes
  • about 3.3.6
  • creating 4.2.3.2
• read-only restricted mode
  • about 3.3.7
  • disabling 5.6.6
  • enabling 5.6.5
  • failover, planned shutdown in standby server C.13.2.3, C.13.3.3
  • failover, planned shutdown of primary server during upgrade C.13.2.1, C.13.3.1
  • failover, planned shutodwn on primary server during maintenance C.13.2.2, C.13.3.2
  • failover, unplanned shutdown in primary server C.13.2.4, C.13.3.4
  • failover, unplanned shutdown in standby server C.13.2.5, C.13.3.5
  • notifications 5.6.8
  • primary-standby configuration, impact on 5.6.1
  • primary-standby configuration without read-only restricted mode enabled 5.6.3
  • primary-standby configuration with read-only restricted mode enabled 5.6.2
  • recovering primary-standby 5.6.7
• read-only restricted mode states
  • network failure in primary-standby configuration 5.6.4.4
  • primary server failure 5.6.4.2
  • primary-standby configuration 5.6.4.1
  • standby server failure 5.6.4.3
• read-write mode
  • about 3.3.7
• read-write nodes
  • about 3.3.5
• read-write pair of nodes
  • creating 4.2.3.1
• read-write pairs of nodes
  • creating additional 4.2.3.3
• rebooting Oracle Key Vault for non-multi-master clusters 16.2.11
• rebooting Oracle Key Vault nodes 16.3.2.11
• recovery passphrase
  • about recovering 16.4.1
  • changing in clusters environment 16.4.4
  • changing in non-clusters environment 16.4.3
  • protecting the backup 18.4.6
  • recovering credentials 16.4.2
• rekey operation 1.3.2
• remote backup destination
  • about 18.2.1
• remote backup destinations
  • changing settings 18.2.3
  • creating 18.2.2
  • deleting 18.2.4
• remotely monitoring using SNMP 19.1.1.5
• remote monitoring
  • about 19.1.1.1
  • changing settings on standby server 19.1.1.4
  • changing user name and password 19.1.1.3
  • granting SNMP access to users 19.1.1.2
• removing user from a user group 8.5.8
• renaming a user group 8.5.6
• reporting 1.5.3
• reports
  • about 19.4.1
  • endpoint reports 19.4.5
  • key management reports for Oracle endpoints reports 19.4.2
  • keys reports 19.4.3
  • notification report 19.4.7
  • secrets reports 19.4.4
  • system reports 19.4.7
  • user reports 19.4.6
  • wallets reports 19.4.3
• restarting Oracle Key Vault for non-multi-master clusters 16.2.11
• restarting Oracle Key Vault nodes 16.3.2.11
• RESTful command-line interface commands
  • reports 19.4.7
• RESTful services
  • about 1.6.3
  • console certificates 17.2.5
  • disabling for non-multi-master clusters 16.2.8
  • enabling for non-multi-master clusters 16.2.8
  • multi-master clusters, enablement 16.3.3.5
• restoring data
  • about 18.5.1
  • best practices 18.6
  • multi-master clusters 18.5.3
  • primary-standby deployment 18.5.4
  • procedure 18.5.2
  • system state after 18.5.6
  • third-party certificates 18.5.5
• roles
  • about 2.4.2.1
• Roots of Trust (RoT) 1.5.14
• root user
  • about 2.7

---

S

• secrets
  • guidance for SQL*Plus 15.2
  • guidance for SSH 15.3
  • reports 19.4.4
• secure user management 8.3.4.1
• security objects
  • activating 10.4.3
  • adding to virtual wallets 10.1.4
  • deactivating 10.4.4
  • deleting 10.4.6
  • details of, about 10.5.1
  • downloading to different types B.5
  • modifying details of 10.5.4
  • multi-master clusters, effect on 10.4.2
  • removing from virtual wallets 10.1.5
  • revoking 10.4.5
  • searching for object items 10.5.2
  • state of, managing 10.4.1
  • viewing details of 10.5.3
  • virtual wallets, creating for 10.1.2
  • virtual wallets, modifying 10.1.3
• self-enrollment, for endpoints 12.2.4.1
• separation of duties 1.5.4
  • how Oracle Key Vault manages 2.4.1
  • users 8.1.1
• SNMP
  • about 19.1.1.1
  • changing settings on standby server 19.1.1.4
  • changing user name and password 19.1.1.3
  • example of simplified remote monitoring 19.1.1.7
  • granting access to user 19.1.1.2
  • Management Information Base (MIB) variables 19.1.1.6
  • remotely monitoring Oracle Key Vault 19.1.1.5
• SNMP settings
  • multi-master clusters 16.3.3.7
  • nodes 16.3.2.9
• split-brain scenarios 5.1.1
• SQL*Plus
  • guidance for credentials 15.2
  • guidance for secrets 15.2
• sqlnet.ora file
  • environment variables and 13.3.4
• SSH
  • guidance for credentials 15.3
  • guidance for secrets 15.3
• SSH key files
  • downloading from Key Vault to a wallet B.5
• SSH tunnels
  • creating between Oracle Key Vault and DBaas instance 7.3.1
  • deleting 7.3.7
  • disabling 7.3.5
  • multi-master clusters 7.3.5, 7.3.6, 7.3.7
  • not active 7.3.6
  • reverse SSH tunnel in multi-master cluster 7.3.2
  • reverse SSH tunnel in primary-standby configuration 7.3.3
  • viewing details 7.3.4
• standby servers
  • role in primary-standby configuration 5.1.5
• support user
  • about 2.7
• syslog
  • configuring for non-multi-master clusters 16.2.6
• syslog configuration
  • audit records 19.3.3
  • destination
    • clearing 19.1.3.2
    • setting 19.1.3.1
• syslog settings
  • multi-master cluster node 16.3.2.6
  • multi-master clusters 16.3.3.4
• System Administrator role
  • about 2.4.2.2
  • multi-master cluster effect on 8.1.2.1
• system diagnostics
  • See: diagnostic reports
• system recovery 2.6, 16.4.1
• system time
  • setting for non-multi-master clusters 16.2.4
• system users
  • multi-master cluster effect on 8.1.2.5

---

T

• TDE direct connect
  • See: online master keys
• TDE-enabled databases
  • about configuring Key Vault for 11.2.1
  • configuring environment for 11.2.3
  • integrating TDE with Key Vault 11.2.4
  • limitations of TDE endpoint integration 11.2.2
• TDE master encryption keys
  • centralized management 1.3.2
• TDE wallets
  • Oracle GoldenGate 14.2.3
• third-party certificates
  • restoring data 18.5.5
• time
  • setting for cluster 16.3.3.1
  • setting for node 16.3.2.4
  • setting for non-multi-master clusters 16.2.4
• Transparent Data Encryption 11.2.1
  • See also: TDE-enabled databases
  • downtime, minimizing for TDE heartbeat 16.7
  • endpoint management 13.5
• transportable tablespaces support for data moves 14.6
• troubleshooting
  • finding log files C.1
  • upgrade errors C.6
  • uploading Java keystores C.3
  • uploading keystores with same file name but different contents C.5
  • uploading the same Oracle wallet multiple times C.4
• types of backups 18.3.2

---

U

• upgrades
  • error handling C.6
• upgrading endpoint software
  • unenrolled endpoint 13.7.1
• upload command (okvutil) B.7
• uploading
  • credential files 15.1.2
  • JKS and JCEKS keystores 11.5.1, 11.5.2
  • wallets 11.4.2
  • wallet to Oracle RAC 14.1
• use cases 1.3
  • centralized storage 1.3.1
  • key rotation 1.3.2
  • online management of keys and secret data 1.3.4
  • storage of credential files 1.3.3
• user accounts
  • multi-master clusters, effect on 8.1.2
• user-defined keys
  • about 11.6.1
  • activating 11.6.3
  • uploading to Oracle Key Vault 11.6.2
• user groups 8.5.1
  • adding a user 8.5.4
  • changing description 8.5.7
  • creating 8.5.3
  • deleting 8.5.9
  • granting access to virtual wallet 8.5.5
  • modifying virtual wallets from Keys & Wallets tab 10.2.3
  • multi-master clusters, effect on 8.5.2
  • naming guidelines 2.5
  • removing access to virtual wallets from Keys & Wallets tab 10.2.2
  • removing access to virtual wallets from User's tab 10.3.3
  • removing user from 8.5.8
  • renaming 8.5.6
  • revoking access to virtual wallets 10.3.4
• users 8.5.1
  • See also: user groups
  • about changing password 8.3.3
  • about user accounts 8.1.1
  • administrative roles, about 8.2.1
  • administrative roles, granting or changing 8.2.2
  • administrative roles, revoking 8.2.8
  • changing own password 8.3.2
  • changing password automatically 8.3.3.2
  • changing password manually 8.3.3.1
  • changing passwords, about 8.3.1
  • changing support user password 8.3.3.3
  • changing user email address 8.4.1
  • controlling manual password reset operations, about 8.3.4.1
  • controlling manual password reset operations, configuration 8.3.4.2
  • Create Endpoint Group privilege, granting or changing 8.2.5
  • Create Endpoint privilege, granting or changing 8.2.3
  • creating accounts 8.1.3
  • deleting accounts 8.1.5
  • disabling email notifications 8.4.2
  • endpoint administrators
    • about 2.8
  • endpoint privileges, about 8.2.1
  • endpoint privileges, revoking 8.2.8
  • granting access to virtual wallet 8.2.7
  • Manage Endpoint Group privilege, granting or changing 8.2.6
  • Manage Endpoint privilege, granting or changing 8.2.4
  • modifying virtual wallets from Keys & Wallets tab 10.2.3
  • multi-master cluster effect on 8.1.2.4
  • naming guidelines 2.5
  • removing access to virtual wallets from Keys & Wallets tab 10.2.2
  • removing access to virtual wallets from User's tab 10.3.2
  • reports 19.4.6
  • root user
    • about 2.7
  • support user
    • about 2.7
  • view account details 8.1.4

---

V

• viewing user account details 8.1.4
• virtual wallets
  • about 10.1.1
  • access management from Keys and Wallets tab 10.2.1
  • adding endpoint access to 12.5.1
  • adding security objects to 10.1.4
  • creating 10.1.2
  • deleting 10.1.6
  • endpoint group access grant 12.6.4
  • granting access to from Keys & Wallets tab 10.2.2
  • granting access to from Users tab 10.3.1
  • granting user access to 8.2.7, 8.5.5
  • granting user group access to from User's tab 10.3.3
  • modifying 10.1.3
  • modifying from Keys & Wallets tab 10.2.3
  • naming guidelines 2.5
  • removing security objects from 10.1.5
  • removing user access to from Users tab 10.3.2
  • revoking endpoint access 12.5.2
  • revoking user group access from 10.3.4

---

W

• wallets
  • checking TDE wallet migration for logical standby
    • about 14.3.7
  • downloading
    • guidance 11.4.4
    • procedure 11.4.3
  • downloading from Key Vault to a wallet B.5
  • endpoint group access grant 12.6.4
  • endpoints, associating 12.4.1
  • endpoints, viewing wallet items for 12.5.3
  • key rotation guidance 11.4.4
  • migrating existing TDE wallet to Key Vault
    • about 11.3.1
    • procedure 11.3.2
  • migrating TDE to Key Vault for logical standby database
    • about 14.3.6
  • migrating to Oracle Data Guard 14.3.4
  • Oracle GoldenGate use with 14.2.1
  • Oracle Real Application Clusters environment 14.1
  • overwriting danger of 11.4.4
  • reports 19.4.3
  • restoring database contents previously encrypted by TDE
    • about 11.3.3
  • reverse migrating in Oracle Data Guard
    • about 14.3.5
  • setting default for endpoint 12.4.2
  • sharing with multiple endpoints guidance 11.4.4
  • uploading
    • guidance 11.4.4
    • procedure 11.4.2
  • uploading contents to Key Vault server B.7
  • uploading in Oracle Data Guard
    • about 14.3.1
    • procedure 14.3.2