3 Administration Commands

You can use the administration commands to manage client wallets and endpoints.

3.1 Client Wallet Management Commands

You can use the client wallet management commands to manage client wallets that store user credentials.

3.1.1 okv admin client-wallet add Command

The okv admin client-wallet add command creates client wallets ewallet.p12 and cwallet.sso, if they do not exist, and adds the user's credentials into the client wallet.

Required Authorization

None

Syntax

okv admin client-wallet add --client-wallet client_wallet_location --wallet-user user_name

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "client-wallet",
    "action" : "add",
    "options" : {
      "clientWallet" : "#VALUE",
      "walletUser" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--client-wallet / clientWallet

Required

Location of the client wallet (that is, the directory where the client wallet is created)

--wallet-user / walletUser

Required

User name

JSON Example

  1. Generate JSON input for the okv admin client-wallet add command.
    okv admin client-wallet add --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "add",
        "options" : {
          "clientWallet" : "#VALUE",
          "walletUser" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, client_wallet_add.json) and then edit it so that you can specify the user whose password you want to add to the wallet and the client wallet location.
    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "add",
        "options" : {
          "clientWallet" : "/home/oracle/okv_client_wallet",
          "walletUser" : "pfitch"
        }
      }
    }
  3. Execute the okv admin client-wallet add command using the generated JSON file.
    okv admin client-wallet add --from-json client_wallet_add.json

    When prompted, enter the password for the user. After you enter the password, output similar to the following appears:

    Password: password
    {
      "result" : "Success"
    }

3.1.2 okv admin client-wallet delete Command

The okv admin client-wallet delete command deletes a user's credentials from a client wallet.

Required Authorization

Read-write permissions on the client wallet

Syntax

okv admin client-wallet delete --client-wallet client_wallet_location --wallet-user wallet_user_name

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "client-wallet",
    "action" : "delete",
    "options" : {
      "clientWallet" : "#VALUE",
      "walletUser" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--client-wallet / clientWallet

Required

Location of the client wallet (that is, the directory where the client wallet is created)

--wallet-user / walletUser

Required

User name

JSON Example

  1. Generate JSON input for the okv admin client-wallet delete command.
    okv admin client-wallet delete --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "delete",
        "options" : {
          "clientWallet" : "#VALUE",
          "walletUser" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, client_wallet_delete.json) and then edit it so that you can specify the name of the user to remove from the wallet and the client wallet location.
    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "delete",
        "options" : {
          "clientWallet" : "/home/oracle/okv_client_wallet",
          "walletUser" : "pfitch"
        }
      }
    }
  3. Execute the okv admin client-wallet delete command using the generated JSON file.
    okv admin client-wallet delete --from-json client_wallet_delete.json

    Output similar to the following appears:

    {
      "result" : "Success"
    }

3.1.3 okv admin client-wallet list Command

The okv admin client-wallet list command lists the users whose credentials are stored in the client wallet.

Required Authorization

Read file permissions on the client wallet

Syntax

okv admin client-wallet list --client-wallet client_wallet_location

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "client-wallet",
    "action" : "list",
    "options" : {
      "clientWallet" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--client-wallet / clientWallet

Required

Location of the client wallet (that is, the directory where the client wallet is created)

JSON Example

  1. Generate JSON input for the okv admin client-wallet list command.
    okv admin client-wallet list --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "list",
        "options" : {
          "clientWallet" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, client_wallet_list.json) and then modify it to include the client wallet location.
    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "list",
        "options" : {
          "clientWallet" : "/home/oracle/okv_client_wallet"
        }
      }
    }
  3. Execute the okv admin client-wallet list command using the generated JSON file.
    okv admin client-wallet list --from-json client_wallet_list.json

    Output similar to the following appears:

    {
      "result" : "Success",
      "value" : {
        "walletUsers" : [ "psmith", "pfitch" ]
      }
    }

3.1.4 okv admin client-wallet update Command

The okv admin client-wallet update command updates the user's password in the client wallet.

Required Authorization

Read-write file permissions on the wallet

Syntax

okv admin client-wallet update --client-wallet client_wallet_location --wallet-user user_name

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "client-wallet",
    "action" : "update",
    "options" : {
      "clientWallet" : "#VALUE",
      "walletUser" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--client-wallet / clientWallet

Required

Location of the client wallet (that is, the directory where the client wallet is created)

--wallet-user / walletUser

Required

User name

JSON Example

  1. Generate JSON input for the okv admin client-wallet update command.
    okv admin client-wallet update --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "update",
        "options" : {
          "clientWallet" : "#VALUE",
          "walletUser" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, client_wallet_update.json) and then edit it so that you can specify the user whose password you want to update in the wallet and the client wallet location.
    {
      "service" : {
        "category" : "admin",
        "resource" : "client-wallet",
        "action" : "update",
        "options" : {
          "clientWallet" : "/home/oracle/okv_client_wallet",
          "walletUser" : "pfitch"
        }
      }
    }
  3. Execute the okv admin client-wallet update command using the generated JSON file.
    okv admin client-wallet update --from-json client_wallet_update.json

    When prompted, enter the password for the user. After you enter the password, output similar to the following appears:

    Password: password
    {
      "result" : "Success"
    }
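
Because list, update and delete are authorized by file permissions on the wallet, the modes of ewallet.p12 and cwallet.sso are the access control for the stored credentials. The following check is an added example, not part of the Oracle documentation; it assumes a POSIX system and an owner-only policy (no group or other access), and make_sample_wallet builds empty stand-in files rather than real wallets.

```python
import os
import stat
import tempfile

# File names that okv admin client-wallet add creates in the wallet directory.
WALLET_FILES = ("ewallet.p12", "cwallet.sso")


def audit_client_wallet(wallet_dir):
    """Return a list of findings for a client wallet directory; empty means clean."""
    try:
        dir_st = os.lstat(wallet_dir)
    except FileNotFoundError:
        return [f"{wallet_dir}: directory does not exist"]
    if not stat.S_ISDIR(dir_st.st_mode):
        # lstat does not follow links, so a symlinked wallet directory lands here.
        return [f"{wallet_dir}: not a real directory"]

    findings = []
    if dir_st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory is writable by group or others")

    for name in WALLET_FILES:
        path = os.path.join(wallet_dir, name)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append(f"{name}: missing")
            continue
        if not stat.S_ISREG(st.st_mode):
            findings.append(f"{name}: not a regular file")
            continue
        if st.st_uid != os.geteuid():
            findings.append(f"{name}: owned by uid {st.st_uid}, not the current user")
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append(f"{name}: mode {mode:04o} grants group or other access")
    return findings


def make_sample_wallet(file_mode):
    """Constructed stand-in: empty files with the wallet names, not real wallets."""
    wallet_dir = tempfile.mkdtemp(prefix="okv_client_wallet_")  # created 0700
    for name in WALLET_FILES:
        path = os.path.join(wallet_dir, name)
        with open(path, "wb"):
            pass
        os.chmod(path, file_mode)
    return wallet_dir


if __name__ == "__main__":
    for sample_mode in (0o600, 0o644):
        print(f"{sample_mode:04o}", audit_client_wallet(make_sample_wallet(sample_mode)))
```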

3.2 Endpoint Management Commands

The endpoint management commands enable you to perform endpoint-related tasks such as creating or provisioning endpoints.

3.2.1 okv admin endpoint check-status Command

The okv admin endpoint check-status command displays the current state of an endpoint. The state will be either ACTIVE or PENDING.

This command is meant primarily for multi-master cluster environments. However, it is still valid for other deployments and can be used to check the existence of an endpoint.

Required Authorization

System Administrator role or the Manage Endpoint object privilege for the endpoint

Syntax

okv admin endpoint check-status --endpoint endpoint_name|--locator-id UUID

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "check-status",
    "options" : {
      "endpoint" : "#VALUE",
      "locatorID" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint or --locator-id / locatorID

Optional

The name of the endpoint or the locator ID (universally unique ID (UUID)) of the endpoint that you want to check. The --locator-id / locatorID is required only if you are using a multi-master cluster environment.

You must specify either the --endpoint / endpoint value or the --locator-id / locatorID value, not both.

To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

To find the locator ID in the Oracle Key Vault management console, select the Cluster tab and then in the left navigation bar, select Conflict Resolution. In the Keys, Secrets & Objects table, check the Unique Identifier column.

JSON Example

  1. Generate a JSON input template for the okv admin endpoint check-status command.
    okv admin endpoint check-status --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "check-status",
        "options" : {
          "endpoint" : "#VALUE",
          "locatorID" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, check-status_ep.json) and then edit it so that you can check the endpoint. Specify either the endpoint value or the locatorID value, but not both.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "check-status",
        "options" : {
          "locatorID" : "1AC9B321-6540-4F2B-809B-95FD7416999E"
        }
      }
    }
  3. Execute the okv admin endpoint check-status command using the generated JSON file.
    okv admin endpoint check-status --from-json check-status_ep.json

    Output similar to the following appears:

    {
      "result" : "Success",
      "value" : {
        "status" : "ACTIVE",
        "endpoint" : "HR_DB_EP"
      }
    }

    The output includes the name of the endpoint if the endpoint object is in the ACTIVE state. The endpoint name shown here may differ from the name that was specified when the endpoint was created. If endpoints with the same name are created on multiple cluster nodes, then Oracle Key Vault performs naming conflict resolution and renames all but one of the endpoints by appending _OKVnode-id to the endpoint name. For example, if you named the endpoint HR_DB_EP, and there is a naming conflict, then the name could be HR_DB_EP_OKV01.

    On deployments other than a multi-master cluster, this command returns Success if the endpoint exists, and the output does not include entries showing the endpoint name and its state.

3.2.2 okv admin endpoint create Command

The okv admin endpoint create command adds a new endpoint to Oracle Key Vault.

Required Authorization

System Administrator role or the Create Endpoint system privilege

After you add the endpoint, the endpoint will be in the Registered state.

Syntax

okv admin endpoint create --endpoint endpoint_name --description "description" --email email_address --platform platform --type type --subgroup "subgroup_value" --unique TRUE|FALSE

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "create",
    "options" : {
      "endpoint" : "#VALUE",
      "description" : "#VALUE",
      "email" : "#VALUE",
      "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS",
      "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER",
      "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP",
      "unique" : "#TRUE|FALSE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint

Required

The name of the endpoint that you want to add. See Naming Guidelines for Objects. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

--description / description

Optional

A user-friendly description of the endpoint. If the description contains spaces, you must enclose it within double quotation marks.

--email / email

Optional

Email address of the endpoint administrator. Enclose this value in double quotation marks.

--platform / platform

Required

The endpoint platform. Allowed values are:

  • LINUX64

  • SOLARIS64

  • SOLARIS_SPARC

  • AIX

  • HP-UX

  • WINDOWS

--type / type

Required

Type of the endpoint. Allowed values are:

  • ORACLE_DB

  • ORACLE_NON_DB

  • ORACLE_ACFS

  • MYSQL_DB

  • OTHER

--subgroup / subgroup

Optional

For multi-master cluster environments, defines the affinity that an endpoint will have to a specific Oracle Key Vault cluster subgroup. Values are as follows:

  • Enter the name of a multi-master cluster subgroup. To find subgroups, in the Oracle Key Vault management console, select the Cluster tab, then Management in the left navigation bar. Subgroups for the cluster are listed under Cluster Information.
  • NO SUBGROUP creates an endpoint that will have no Oracle Key Vault cluster subgroup affinity.
  • USE CREATOR SUBGROUP creates an endpoint with affinity to the Oracle Key Vault cluster subgroup of the node on which the endpoint is created.

--unique / unique

Optional

In a multi-master cluster environment, creates the endpoint as a unique endpoint. In a multi-master cluster, it is possible that an endpoint with the same name could be created from two different nodes. If that happens, then endpoint names may conflict. The Oracle Key Vault conflict resolution scheme will keep one endpoint with the given name and rename other endpoints with the conflicting names to a name using this format: given_ep_name_OKVnode_id.

Valid settings are as follows:

  • TRUE appends _OKVnode_id to the given name and thus prevents the conflict for this endpoint name. The endpoint is immediately usable.
  • FALSE (default) causes Oracle Key Vault to begin a checking process to find out whether the endpoint name is unique. A unique ID is returned. You can use this ID to check the status of the endpoint creation, whether it is in progress (PENDING) or complete (ACTIVE). If the status is PENDING, then the endpoint is not yet usable, so any actions performed on it will fail. If the status is ACTIVE, then the endpoint is usable. To check the status, execute the okv admin endpoint check-status command. If the name that you provided is already used in another node, then the name for this endpoint will have _OKVxx appended to it. For example, if you named the endpoint ep12, and there is a naming conflict, the name could be EP12_OKV01.

JSON Example

  1. Generate JSON input for the okv admin endpoint create command.
    okv admin endpoint create --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "create",
        "options" : {
          "endpoint" : "#VALUE",
          "description" : "#VALUE",
          "email" : "#VALUE",
          "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS",
          "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER",
          "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP",
          "unique" : "#TRUE|FALSE"
        }
      }
    }
  2. Save the generated input to a file (for example, create_ep.json) and then edit it so that you can create the endpoint.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "create",
        "options" : {
          "endpoint" : "hr_db_ep",
          "description" : "HR database endpoint",
          "email" : "pfitch@example.com",
          "platform" : "LINUX64",
          "type" : "ORACLE_DB",
          "subgroup" : "USE CREATOR SUBGROUP",
          "unique" : "FALSE"
        }
      }
    }
  3. Execute the okv admin endpoint create command using the generated JSON file.
    okv admin endpoint create --from-json create_ep.json

    Output similar to the following appears:

    {
      "result" : "Success",
      "value" : {
        "status" : "PENDING",
        "locatorID" : "1AC9B321-6540-4F2B-809B-95FD7416999E"
      }
    }

    You can use the locatorID from the above output with the okv admin endpoint check-status command to display the current state of the endpoint object. If the object status is ACTIVE, this command also displays the object name after naming conflict resolution.
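
The create and check-status steps above, combined into one script as an added example (not part of the Oracle documentation): it validates the create options against the template values, enforces the endpoint-or-locatorID rule, and polls by locatorID until the endpoint is ACTIVE. It assumes okv is on the PATH and prints only JSON to standard output; the function names and the replies in demo_runner are constructed for illustration.

```python
import json
import os
import subprocess
import tempfile
import time

# Allowed values, copied from the create template on this page.
PLATFORMS = {"LINUX64", "SOLARIS64", "SOLARIS_SPARC", "HP-UX", "AIX", "WINDOWS"}
TYPES = {"ORACLE_DB", "ORACLE_NON_DB", "ORACLE_ACFS", "MYSQL_DB", "OTHER"}


def build_request(action, options):
    """Wrap options in the service envelope used by the JSON input templates."""
    return {"service": {"category": "admin", "resource": "endpoint",
                        "action": action, "options": options}}


def create_request(endpoint, platform, ep_type, unique=False, **optional):
    """Build create input, rejecting values the template does not allow."""
    if platform not in PLATFORMS:
        raise ValueError(f"platform must be one of {sorted(PLATFORMS)}")
    if ep_type not in TYPES:
        raise ValueError(f"type must be one of {sorted(TYPES)}")
    unknown = set(optional) - {"description", "email", "subgroup"}
    if unknown:
        raise ValueError(f"unknown options: {sorted(unknown)}")
    options = {"endpoint": endpoint, "platform": platform, "type": ep_type,
               "unique": "TRUE" if unique else "FALSE", **optional}
    return build_request("create", options)


def check_status_request(endpoint=None, locator_id=None):
    """check-status accepts the endpoint name or the locator ID, never both."""
    if (endpoint is None) == (locator_id is None):
        raise ValueError("specify exactly one of endpoint or locator_id")
    options = {"endpoint": endpoint} if endpoint is not None else {"locatorID": locator_id}
    return build_request("check-status", options)


def run_okv(request):
    """Run okv admin endpoint <action> --from-json <file> and parse its JSON output."""
    service = request["service"]
    fd, path = tempfile.mkstemp(suffix=".json")  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as handle:
            json.dump(request, handle)
        proc = subprocess.run(
            ["okv", service["category"], service["resource"], service["action"],
             "--from-json", path],
            capture_output=True, text=True, check=False)
    finally:
        os.unlink(path)
    try:
        return json.loads(proc.stdout)
    except json.JSONDecodeError as exc:
        raise RuntimeError(f"okv did not return JSON (exit {proc.returncode})") from exc


def create_and_wait(request, runner=run_okv, attempts=24, interval=5.0, sleep=time.sleep):
    """Create an endpoint, then poll check-status by locatorID until it is ACTIVE."""
    reply = runner(request)
    if reply.get("result") != "Success":
        raise RuntimeError(f"create failed: {reply}")
    locator = reply.get("value", {}).get("locatorID")
    if locator is None:
        return None  # no locatorID in the create output, so there is nothing to poll
    for _ in range(attempts):
        status = runner(check_status_request(locator_id=locator))
        if status.get("result") != "Success":
            raise RuntimeError(f"check-status failed: {status}")
        value = status.get("value", {})
        if value.get("status") == "ACTIVE":
            return value.get("endpoint")  # may carry an _OKV suffix after a conflict
        sleep(interval)
    raise TimeoutError(f"endpoint {locator} still PENDING after {attempts} checks")


def demo_runner():
    """Constructed replies shaped like the sample output on this page."""
    replies = iter([
        {"result": "Success", "value": {"status": "PENDING",
                                        "locatorID": "1AC9B321-6540-4F2B-809B-95FD7416999E"}},
        {"result": "Success", "value": {"status": "PENDING"}},
        {"result": "Success", "value": {"status": "ACTIVE", "endpoint": "HR_DB_EP_OKV01"}},
    ])
    sent = []

    def runner(request):
        sent.append(request)
        return next(replies)
    return runner, sent


if __name__ == "__main__":
    fake, _ = demo_runner()
    req = create_request("hr_db_ep", "LINUX64", "ORACLE_DB", subgroup="USE CREATOR SUBGROUP")
    print(create_and_wait(req, runner=fake, sleep=lambda _: None))
```

Any later command should use the name returned by check-status rather than the name in the create request, because conflict resolution may have renamed the endpoint.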

3.2.3 okv admin endpoint delete Command

The okv admin endpoint delete command removes an endpoint from Oracle Key Vault.

Required Authorization

System Administrator role or the Manage Endpoint object privilege for the endpoint

Syntax

okv admin endpoint delete --endpoint endpoint_name

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "delete",
    "options" : {
      "endpoint" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint

Required

Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

JSON Example

  1. Generate JSON input for the okv admin endpoint delete command.
    okv admin endpoint delete --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "delete",
        "options" : {
          "endpoint" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, delete_ep.json) and then edit it so that you can delete the endpoint.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "delete",
        "options" : {
          "endpoint" : "sales_db_ep"
        }
      }
    }
  3. Execute the okv admin endpoint delete command using the generated JSON file.
    okv admin endpoint delete --from-json delete_ep.json

    Output similar to the following appears:

    {
      "result" : "Success"
    }

3.2.4 okv admin endpoint download Command

The okv admin endpoint download command downloads the endpoint software (okvclient.jar) to the specified directory.

If you want to both download and then install the endpoint software, then use the okv admin endpoint provision command.

Required Authorization

System Administrator role or the Manage Endpoint object privilege for the endpoint

Syntax

okv admin endpoint download --endpoint endpoint_name --location download_location

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "download",
    "options" : {
      "endpoint" : "#VALUE",
      "location" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint

Required

Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

--location / location

Required

Absolute path to the download directory for the endpoint software. For example, if you specify /tmp, then the endpoint software is downloaded to /tmp/endpoint_name/okvclient.jar.

JSON Example

  1. Generate JSON input for the okv admin endpoint download command.
    okv admin endpoint download --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "download",
        "options" : {
          "endpoint" : "#VALUE",
          "location" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, download_ep.json) and then edit it so that you can download the endpoint software.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "download",
        "options" : {
          "endpoint" : "hr_db_ep",
          "location" : "/opt/downloads/okv"
        }
      }
    }
  3. Execute the okv admin endpoint download command using the generated JSON file.
    okv admin endpoint download --from-json download_ep.json

    A successful download of the okvclient.jar file displays the following output:

    {
      "result" : "Success"
    }

3.2.5 okv admin endpoint get-enrollment-token Command

The okv admin endpoint get-enrollment-token command retrieves an enrollment token for a registered endpoint.

The enrollment token is a one-time token that is generated during endpoint creation (registration). This token is then used to download the software and install the endpoint. The okv admin endpoint get-enrollment-token command is useful for cases where the endpoint administrator (and not the Oracle Key Vault administrator) must download and provision the endpoint. These endpoint administrators, who generally are not Oracle Key Vault users, use the Oracle Key Vault management console to download the endpoint software by providing the token. The okv admin endpoint get-enrollment-token command enables the Oracle Key Vault administrator to retrieve the token using the RESTful services utility, and then pass it securely to an endpoint administrator through an out-of-band channel (for example, email).

This command will work only for endpoints in the Registered state.

Required Authorization

System Administrator role or the Manage Endpoint object privilege for the endpoint

Syntax

okv admin endpoint get-enrollment-token --endpoint endpoint_name

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "get-enrollment-token",
    "options" : {
      "endpoint" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint

Required

Name of the registered endpoint. To find existing registered endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

JSON Example

  1. Generate JSON input for the okv admin endpoint get-enrollment-token command.
    okv admin endpoint get-enrollment-token --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "get-enrollment-token",
        "options" : {
          "endpoint" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, get_token.json) and then edit it so that you can get the enrollment token.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "get-enrollment-token",
        "options" : {
          "endpoint" : "hr_db_ep"
        }
      }
    }
  3. Execute the okv admin endpoint get-enrollment-token command using the generated JSON file.
    okv admin endpoint get-enrollment-token --from-json get_token.json

    Output showing the enrollment token appears, similar to the following:

    {
      "result" : "Success",
      "value" : {
        "token" : "Si71duR2mGQ8naSZ"
      }
    }

3.2.6 okv admin endpoint provision Command

The okv admin endpoint provision command downloads and installs the endpoint software in the specified directory.

This directory should have read, write, and execute permissions for the owner and its group. For example, if the Oracle Key Vault endpoint software is installed on an Oracle Database server, then this endpoint installation directory should have read, write, and execute permissions for the oracle user and the oinstall group. This ensures that processes can access directories appropriately at run time.

You must meet the following prerequisites to run this command:
  • You must be a user with System Administrator role or the Manage Endpoint object privilege for the endpoint.

  • You must ensure that the soft link /usr/bin/java points to $ORACLE_HOME/jdk/jre/bin/java.

  • You must know how the installation process determines the location of the okvclient.ora file.

If you only want to download the endpoint software but not install it, then use the okv admin endpoint download command.

Required Authorization

System Administrator role or the Manage Endpoint object privilege for the endpoint

Syntax

okv admin endpoint provision --endpoint endpoint_name --location software_location --auto-login TRUE|FALSE

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "provision",
    "options" : {
      "endpoint" : "#VALUE",
      "location" : "#VALUE",
      "autoLogin" : "#TRUE|FALSE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint

Required

Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

--location / location

Required

Path to the location where the endpoint software is to be installed. For Transparent Data Encryption (TDE) environments, specify WALLET_ROOT/okv as the installation directory.

--auto-login / autoLogin

Optional

Enter one of the following values:

  • TRUE to enable auto-login authentication
  • FALSE (default) to store the endpoint credentials that are used to connect to the Oracle Key Vault server in a password-protected wallet. When --auto-login is set to FALSE, you are prompted to enter a password interactively.

JSON Example

  1. Generate JSON input for the okv admin endpoint provision command.
    okv admin endpoint provision --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "provision",
        "options" : {
          "endpoint" : "#VALUE",
          "location" : "#VALUE",
          "autoLogin" : "#TRUE|FALSE"
        }
      }
    }
  2. Save the generated input to a file (for example, provision_ep.json) and then edit it so that you can download and install the endpoint software.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "provision",
        "options" : {
          "endpoint" : "hr_db_ep",
          "location" : "/u01/opt/oracle/product/okv",
          "autoLogin" : "TRUE"
        }
      }
    }
  3. Execute the okv admin endpoint provision command using the generated JSON file.
    okv admin endpoint provision --from-json provision_ep.json

    Output similar to the following appears:

    {
      "result" : "Success"
    }

3.2.7 okv admin endpoint re-enroll Command

The okv admin endpoint re-enroll command re-enrolls a previously enrolled endpoint.

Required Authorization

System Administrator role or the Manage Endpoint object privilege for the endpoint

Syntax

okv admin endpoint re-enroll --endpoint endpoint_name

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "re-enroll",
    "options" : {
      "endpoint" : "#VALUE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint

Required

Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

JSON Example

  1. Generate JSON input for the okv admin endpoint re-enroll command.
    okv admin endpoint re-enroll --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "re-enroll",
        "options" : {
          "endpoint" : "#VALUE"
        }
      }
    }
  2. Save the generated input to a file (for example, re-enroll_ep.json) and then edit it so that you can re-enroll the endpoint.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "re-enroll",
        "options" : {
          "endpoint" : "hr_db_ep"
        }
      }
    }
  3. Execute the okv admin endpoint re-enroll command using the generated JSON file.
    okv admin endpoint re-enroll --from-json re-enroll_ep.json

    Output similar to the following appears:

    {
      "result" : "Success"
    }

3.2.8 okv admin endpoint re-enroll-all Command

The okv admin endpoint re-enroll-all command re-enrolls all previously enrolled endpoints.

Required Authorization

System Administrator role

Syntax

okv admin endpoint re-enroll-all 

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "re-enroll-all"
  }
}

Parameters

None

JSON Example

  1. Generate JSON input for the okv admin endpoint re-enroll-all command.
    okv admin endpoint re-enroll-all --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "re-enroll-all"
      }
    }
  2. Save the generated input to a file (for example, re-enroll-all_ep.json).
  3. Execute the okv admin endpoint re-enroll-all command using the generated JSON file.
    okv admin endpoint re-enroll-all --from-json re-enroll-all_ep.json

    Output similar to the following appears:

    {
      "result" : "Success"
    }

3.2.9 okv admin endpoint update Command

The okv admin endpoint update command updates the settings of an endpoint.

Required Authorization

System Administrator role or the Manage Endpoint object privilege for the endpoint

Syntax

okv admin endpoint update --endpoint endpoint_name --description "description" --email email_address --platform platform --type type --subgroup "subgroup_value" --unique TRUE|FALSE --name new_endpoint_name

JSON Input File Template

{
  "service" : {
    "category" : "admin",
    "resource" : "endpoint",
    "action" : "update",
    "options" : {
      "endpoint" : "#VALUE",
      "name" : "#VALUE",
      "description" : "#VALUE",
      "email" : "#VALUE",
      "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS",
      "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER",
      "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP",
      "unique" : "#TRUE|FALSE"
    }
  }
}

Parameters

Parameter/Template Parameter Required? Description

--endpoint / endpoint

Required

Name of the endpoint that you want to update. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page.

--description / description

Optional

A user-friendly description of the endpoint. If the description contains spaces, you must enclose it within double quotation marks.

--email / email

Optional

Email address of the endpoint administrator. Enclose this value in double quotation marks.

--platform / platform

Optional

The endpoint platform. Allowed values are:

  • LINUX64

  • SOLARIS64

  • SOLARIS_SPARC

  • AIX

  • HP-UX

  • WINDOWS

--type / type

Optional

Type of the endpoint. Allowed values are:

  • ORACLE_DB

  • ORACLE_NON_DB

  • ORACLE_ACFS

  • MYSQL_DB

  • OTHER

--subgroup / subgroup

Optional

For multi-master cluster environments, defines the affinity that an endpoint will have to a specific Oracle Key Vault cluster subgroup. Values are as follows:

  • Enter the name of a multi-master cluster subgroup. To find subgroups, in the Oracle Key Vault management console, select the Cluster tab, then Management in the left navigation bar. Subgroups for the cluster are listed under Cluster Information.
  • NO SUBGROUP creates an endpoint that will have no Oracle Key Vault cluster subgroup affinity.
  • USE CREATOR SUBGROUP creates an endpoint with affinity to the Oracle Key Vault cluster subgroup of the node on which the endpoint is created.

--unique / unique

Optional

In a multi-master cluster environment, creates the endpoint as a unique endpoint. In a multi-master cluster, it is possible that an endpoint with the same name could be created from two different nodes. If that happens, then endpoint names may conflict. The Oracle Key Vault conflict resolution scheme will keep one endpoint with the given name and rename other endpoints with the conflicting names to a name using this format: given_ep_name_OKVnode_id.

Valid settings are as follows:

  • TRUE appends _OKVnode_id to the given name and thus prevents the conflict for this endpoint name.
  • FALSE (default) causes Oracle Key Vault to begin a checking process to find out whether the endpoint name is unique. A unique ID is returned. You can use this ID to check the status of the endpoint creation, whether it is in progress (PENDING) or complete (ACTIVE). If the status is PENDING, then the endpoint is not yet usable, so any actions performed on it will fail. If the status is ACTIVE, then the endpoint is usable. To check the status, execute the okv admin endpoint check-status command. If the name that you provided is already used in another node, then the name for this endpoint will have _OKVxx appended to it. For example, if you named the endpoint ep12, and there is a naming conflict, the name could be EP12_OKV01.

--name / name

Optional

A new name for the endpoint. See Naming Guidelines for Objects.

JSON Example

  1. Generate JSON input for the okv admin endpoint update command.
    okv admin endpoint update --generate-json-input

    The generated input appears as follows:

    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "update",
        "options" : {
          "endpoint" : "#VALUE",
          "name" : "#VALUE",
          "description" : "#VALUE",
          "email" : "#VALUE",
          "platform" : "#LINUX64|SOLARIS64|SOLARIS_SPARC|HP-UX|AIX|WINDOWS",
          "type" : "#ORACLE_DB|ORACLE_NON_DB|ORACLE_ACFS|MYSQL_DB|OTHER",
          "subgroup" : "#VALUE|NO SUBGROUP|USE CREATOR SUBGROUP",
          "unique" : "#TRUE|FALSE"
        }
      }
    }
  2. Save the generated input to a file (for example, update_ep.json) and then edit it so that you can update the endpoint.
    {
      "service" : {
        "category" : "admin",
        "resource" : "endpoint",
        "action" : "update",
        "options" : {
          "endpoint" : "hr_db_ep",
          "name" : "HR_DB"
        }
      }
    }
  3. Execute the okv admin endpoint update command using the generated JSON file.
    okv admin endpoint update --from-json update_ep.json

    Output similar to the following appears:

    {
      "result" : "Success",
      "value" : {
        "status" : "PENDING",
        "locatorID" : "C27E950A-0DF3-402E-BB40-4903FC936C85"
      }
    }

    This example shows the output for renaming an endpoint in a multi-master cluster. On renaming, an endpoint is placed into the PENDING state for the duration of the naming conflict resolution.

    Unless you renamed the endpoint in a multi-master cluster, the status and locatorID entries are not included in the output.