4 Access Management Commands
You can use the access management commands to manage wallets and endpoint groups.
- okv manage-access endpoint-group add-endpoint Command
Theokv manage-access endpoint-group add-endpoint
command adds an existing endpoint to an endpoint group. - okv manage-access endpoint-group check-status Command
Theokv manage-access endpoint-group check-status
command checks the naming conflict resolution status of an endpoint group in a multi-master cluster. - okv manage-access endpoint-group create Command
Theokv manage-access endpoint-group create
command creates a new endpoint group. - okv manage-access endpoint-group delete Command
Theokv manage-access endpoint-group delete
command deletes an endpoint group. - okv manage-access endpoint-group remove-endpoint Command
Theokv manage-access endpoint-group remove-endpoint
command removes an endpoint from an endpoint group. - okv manage-access endpoint-group update Command
Theokv manage-access endpoint-group update
command changes the name and description of an endpoint group, and can be used to ensure that the endpoint group name is unique. - okv manage-access wallet add-access Command
Theokv manage-access wallet add-access
command grants an endpoint or an endpoint group a level of access to a wallet. - okv manage-access wallet check-status Command
Theokv manage-access wallet check-status
command checks the naming conflict resolution status of a wallet in a multi-master cluster. - okv manage-access wallet create Command
Theokv manage-access wallet create
command creates a wallet. - okv manage-access wallet delete Command
Theokv manage-access wallet delete
command deletes a wallet. - okv manage-access wallet get-default Command
Theokv manage-access wallet get-default
command gets the default wallet that has been associated with an endpoint. - okv manage-access wallet list-endpoint-wallets Command
Theokv manage-access wallet list-endpoint-wallets
command lists the wallets that are associated with an endpoint. - okv manage-access wallet remove-access Command
Theokv manage-access wallet remove-access
command removes the access that an endpoint or an endpoint group has to a wallet. - okv manage-access wallet set-default Command
Theokv manage-access wallet set-default
command sets the default wallet for an endpoint. - okv manage-access wallet update Command
Theokv manage-access wallet update
command updates a wallet. - okv manage-access wallet update-access Command
Theokv manage-access wallet update-access
command updates the level of access that an endpoint or an endpoint group has to a wallet.
4.1 okv manage-access endpoint-group add-endpoint Command
The okv manage-access endpoint-group add-endpoint
command adds an existing endpoint to an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group add-endpoint --endpoint-group endpoint_group_name --endpoint endpoint_member
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group. To find existing endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoint Groups page. |
|
Required |
Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group add-endpoint
command.okv manage-access endpoint-group add-endpoint --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
add_ep_to_group.json
) and then edit it so that you can add the endpoint to an endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "epg_hr", "endpoint" : "hr_db_ep" } } }
- Execute the
okv manage-access endpoint-group add-endpoint
command using the generated JSON file.okv manage-access endpoint-group add-endpoint --from-json add_ep_to_group.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.2 okv manage-access endpoint-group check-status Command
The okv manage-access endpoint-group check-status
command checks the naming conflict resolution status of an endpoint group in a multi-master cluster.
This command is meant primarily for multi-master cluster environments. However, it is still valid for other deployments and can be used to check the existence of an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group check-status --endpoint-group endpoint_group_name|--locator-id UUID
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "endpointGroup" : "#VALUE", "locatorID" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
The name of the endpoint group or the locator ID (universally unique ID (UUID)) of the endpoint group that you want to check. The You must specify either the To find existing endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab, then Endpoint Groups in the left navigation bar, and in the Endpoint Groups page, check the Endpoints Groups page. To find the locator ID in the Oracle Key Vault management console, select the Cluster tab and then in the left navigation bar, select Conflict Resolution. In the Keys, Secrets & Objects table, check the Unique Identifier column. |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group check-status
command.okv manage-access endpoint-group check-status --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "endpointGroup" : "#VALUE", "locatorID" : "#VALUE" } } }
- Save the generated input to a file (for example,
check-status_epg.json
) and then edit it so that you can check the endpoint group's status. Specify either theendpointGroup
value or thelocatorID
value, but not both.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } } }
- Execute the
okv manage-access endpoint-group check-status
command using the generated JSON file.okv manage-access endpoint-group check-status --from-json check-status_epg.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "ACTIVE", "endpointGroup" : "EPG_HR" } }
Output includes the name of the endpoint group if the endpoint group object is in
ACTIVE
state. The endpoint group name shown here may be different from what was specified at the endpoint group creation time. If the endpoint groups with the same name are created on multiple cluster nodes, then Oracle Key Vault performs naming conflict resolution and it renames all but one endpoint groups by appending_OKVnode-id
to the endpoint group name. For example, if you named the endpoint groupEPG_HR
, and there is a naming conflict, then the name could beEPG_HR_OKV01
.On deployments other than multi-master cluster, this command returns
Success
if the endpoint group exists and output does not include entries showing the endpoint group name and its state.
Parent topic: Access Management Commands
4.3 okv manage-access endpoint-group create Command
The okv manage-access endpoint-group create
command creates a new endpoint group.
Required Authorization
Key Administrator role or Create Endpoint Group system privilege
Syntax
okv manage-access endpoint-group create --endpoint-group endpoint_group_name --description "endpoint group description" --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group. See Naming Guidelines for Objects. To find existing endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoint Groups page. |
|
Optional |
A user-friendly description of the endpoint group enclosed within double quotation marks |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group create
command.okv manage-access endpoint-group create --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
create_epg.json
) and then edit it so that you can create the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "epg_hr", "description" : "HR endpoint group", "unique" : "FALSE" } } }
- Execute the
okv manage-access endpoint-group create
command using the generated JSON file.okv manage-access endpoint-group create --from-json create_epg.json
Output for a multi-master cluster environment appears similar to the following:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } }
You can use the
locatorID
from this output with theokv manage-access endpoint-group check-status
command to display the current state of the endpoint group object. If the object status isACTIVE
, this command also displays the object name after the conflict-name resolution.
Parent topic: Access Management Commands
4.4 okv manage-access endpoint-group delete Command
The okv manage-access endpoint-group delete
command deletes an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group delete --endpoint-group endpoint_group_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group. To find existing endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoint Groups page. |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group delete
command.okv manage-access endpoint-group delete --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "#VALUE" } } }
- Save the generated input to a file (for example,
delete_epg.json
) and then edit it so that you can delete the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "epg_hr" } } }
- Execute the
okv manage-access endpoint-group delete
command using the generated JSON file.okv manage-access endpoint-group delete --from-json delete_epg.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.5 okv manage-access endpoint-group remove-endpoint Command
The okv manage-access endpoint-group remove-endpoint
command removes an endpoint from an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group remove-endpoint --endpoint-group endpoint_group_name --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group that you want to remove. To find existing endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoint Groups page. |
|
Required |
Name of the endpoint that is associated with the endpoint group. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group remove-endpoint
command.okv manage-access endpoint-group remove-endpoint --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
remove_ep_from_epg.json
) and then edit it so that you can remove the endpoint from the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "epg_hr", "endpoint" : "hr_db_ep" } } }
- Execute the
okv manage-access endpoint-group remove-endpoint
command using the generated JSON file.okv manage-access endpoint-group remove-endpoint --from-json remove_ep_from_epg.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.6 okv manage-access endpoint-group update Command
The okv manage-access endpoint-group update
command changes the name and description of an endpoint group, and can be used to ensure that the endpoint group name is unique.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group update --endpoint-group endpoint_group_name --description "description" --name new_endpoint_group_name --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Current name of the endpoint group. To find existing endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoint Groups page. |
|
Optional |
A user-friendly description of the endpoint group enclosed within double quotation marks |
|
Optional |
New endpoint group name. See Naming Guidelines for Objects. |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group update
command.okv manage-access endpoint-group update --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
epg_update.json
) and then edit it so that you can update the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "epg_hr", "name" : "epg_hr_global", "description" : "Global HR Endpoint Group", "unique" : "FALSE" } } }
- Execute the
okv manage-access endpoint-group update
command using the generated JSON file.okv manage-access endpoint-group update --from-json epg_update.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } }
This example shows the output for renaming an endpoint group in a multi-master cluster. On renaming, an endpoint group is placed into the
PENDING
state for the duration of the naming conflict resolution.You can use the
locatorID
from this output with theokv manage-access endpoint-group check-status
command to display the current state of the endpoint group object. If the object status isACTIVE
, then this command also displays the object name after the conflict-name resolution.Unless you renamed the endpoint group in a multi-master cluster, the status and
locatorID
entries are not included in the output.
Parent topic: Access Management Commands
4.7 okv manage-access wallet add-access Command
The okv manage-access wallet add-access
command grants an endpoint or an endpoint group a level of access to a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet add-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name --access RO|RM|RO_MW|RM_MW
JSON Input File Template
{ "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "#VALUE", "endpointGroup": "#VALUE", "endpoint": "#VALUE", "access": "#RO|RM|RO_MW|RM_MW" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. |
or
|
Required |
Name of the endpoint or endpoint group. You can only specify either an endpoint or an endpoint group, but not both. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. For endpoint groups, check the Endpoint Groups page. |
|
Required |
Enter one of the following values:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet add-access
command.okv manage-access wallet add-access --generate-json-input
The generated input appears as follows. This output includes wallet access settings for both endpoints and endpoint groups. When you edit it, you must include either the endpoint settings or the endpoint group settings, but not both.
{ "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "#VALUE", "endpointGroup": "#VALUE", "endpoint": "#VALUE", "access": "#RO|RM|RO_MW|RM_MW" } } }
- Save the generated input to a file (for example,
add_access_wallet.json
) and then edit it so that you can add wallet access to the endpoint or endpoint group. The following example is for the wallet access to an endpoint only.{ "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "hr_wallet", "endpoint": "hr_db_ep", "access": "RO" } } }
- Execute the
okv manage-access wallet add-access
command using the generated JSON file.okv manage-access wallet add-access --from-json add_access_wallet.json
Output similar to the following appears:
{ "result": "Success" }
Parent topic: Access Management Commands
4.8 okv manage-access wallet check-status Command
The okv manage-access wallet check-status
command checks the naming conflict resolution status of a wallet in a multi-master cluster.
This command is meant primarily for multi-master cluster environments. However, it is still valid for other deployments and can be used to check the existence of a wallet.
This command uses a user name and password for the authentication.
Required Authorization
None, but the user only gets the status for the wallets to which he or she has access.
Syntax
okv manage-access wallet check-status --wallet wallet_name|--locator-id UUID
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "wallet" : "#VALUE", "locatorID" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
The name of the wallet or the locator ID (universally unique ID (UUID)) of the wallet that you want to check. The You must specify either the To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. To find the locator ID in the Oracle Key Vault management console, select the Cluster tab and then in the left navigation bar, select Conflict Resolution. In the Keys, Secrets & Objects table, check the Unique Identifier column. |
JSON Example
- Generate JSON input for the
okv manage-access wallet check-status
command.okv manage-access wallet check-status --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "wallet" : "#VALUE", "locatorID" : "#VALUE" } } }
- Save the generated input to a file (for example,
check_wallet.json
) and then edit it so that you can check the status of the wallet. Specify either thewallet
value or thelocatorID
value, but not both.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } } }
- Execute the
okv manage-access wallet check-status
command using the generated JSON file.okv manage-access wallet check-status --from-json check_wallet.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "ACTIVE", "wallet" : "hr_wallet" } }
Output includes the name of the wallet if the wallet object is in
ACTIVE
state. The wallet name shown here may be different from what was specified at the wallet creation time. If the wallets with the same name are created on multiple cluster nodes, Oracle Key Vault performs naming conflict resolution and it renames all but one wallets by appending_OKVnode-id
to the wallet name. For example, if you named the walletHR_WALLET
, and there is a naming conflict, the name could beHR_WALLET_OKV01
.On deployments other than multi-master cluster, this command returns
Success
if the wallet exists and output does not include entries showing the wallet name and its state.
Parent topic: Access Management Commands
4.9 okv manage-access wallet create Command
The okv manage-access wallet create
command creates a wallet.
This command uses a user name and password for the authentication.
Required Authorization
None
Syntax
okv manage-access wallet create --wallet wallet_name --description "wallet_description" --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. |
|
Optional |
A user-friendly description for the wallet, enclosed within double quotation marks |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet create
command.okv manage-access wallet create --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
create_wallet.json
) and then edit it so that you can create the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "hr_wallet", "description" : "wallet for HR endpoint", "unique" : "FALSE" } } }
- Execute the
okv manage-access wallet create
command using the generated JSON file.okv manage-access wallet create --from-json create_wallet.json
Output for a multi-master cluster environment appears similar to the following:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } }
You can use the
locatorID
from this output with theokv manage-access wallet check-status
command to display the current state of the wallet object. If the object status isACTIVE
, then this command also displays the object name after the conflict-name resolution.
Related Topics
Parent topic: Access Management Commands
4.10 okv manage-access wallet delete Command
The okv manage-access wallet delete
command deletes a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet delete --wallet wallet_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "delete", "options" : { "wallet" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. |
JSON Example
- Generate JSON input for the
okv manage-access wallet delete
command.okv manage-access wallet delete --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "delete", "options" : { "wallet" : "#VALUE" } } }
- Save the generated input to a file (for example,
del_wallet.json
) and then edit it so that you can delete the wallet from Oracle Key Vault.{ "service" : { "category" : "manage-access", "resource ": "wallet", "action" : "delete", "options" : { "wallet" : "hr_wallet" } } }
- Execute the
okv manage-access wallet delete
command using the generated JSON file.okv manage-access wallet delete --from-json del_wallet.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.11 okv manage-access wallet get-default Command
The okv manage-access wallet get-default
command gets the default wallet that has been associated with an endpoint.
This command uses a user name and password for the authentication.
Required Authorization
None, but the default wallet information for the endpoint is returned if the user has some level of access on that wallet.
Syntax
okv manage-access wallet get-default --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
JSON Example
- Generate JSON input for the
okv manage-access wallet get-default
command.okv manage-access wallet get-default --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_def_wallet.json
) and then edit it so that you can get the default wallet that is associated with the specified endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "hr_db_ep" } } }
- Execute the
okv manage-access wallet get-default
command using the generated JSON file.okv manage-access wallet get-default --from-json get_def_wallet.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "defaultWallet" : "hr_wallet" } }
Parent topic: Access Management Commands
4.12 okv manage-access wallet list-endpoint-wallets Command
The okv manage-access wallet list-endpoint-wallets
command lists the wallets that are associated with an endpoint.
This command uses a user name and password for the authentication.
Required Authorization
None, but this command returns information about only those wallets on which user has some level of access.
Syntax
okv manage-access wallet list-endpoint-wallets --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
The name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page |
JSON Example
- Generate JSON input for the
okv manage-access wallet list-endpoint-wallets
command.okv manage-access wallet list-endpoint-wallets --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
list_ep_wallets.json
) and then edit it so that you can find the wallets that are associated with the specified endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "hr_db_ep" } } }
- Execute the
okv manage-access wallet list-endpoint-wallets
command using the generated JSON file.okv manage-access wallet list-endpoint-wallets --from-json list_ep_wallets.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "wallets" : [ "Wallet10", "Wallet11" ] } }
Parent topic: Access Management Commands
4.13 okv manage-access wallet remove-access Command
The okv manage-access wallet remove-access
command removes the access that an endpoint or an endpoint group has to a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet remove-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. |
or
|
Required |
Name of the endpoint or endpoint group. To find existing endpoints or endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints or Endpoint Groups page. |
JSON Example
- Generate JSON input for the
okv manage-access wallet remove-access
command.okv manage-access wallet remove-access --generate-json-input
The generated input appears as follows. This output includes the entire output, for both the endpoint and endpoint group. When you edit it, you must include the entry for either the endpoint or the endpoint group, but not both.
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
remove_wallet_access_ep.json
) and then edit it so that you can remove wallet access from an endpoint or an endpoint group. The following example shows how to remove access from an endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep" } } }
- Execute the
okv manage-access wallet remove-access
command using the generated JSON file.okv manage-access wallet remove-access --from-json remove_wallet_access_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.14 okv manage-access wallet set-default Command
The okv manage-access wallet set-default
command sets the default wallet for an endpoint.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or Manage Endpoint privilege for the endpoint and Full Wallet privileges on the wallet
Syntax
okv manage-access wallet set-default --wallet wallet_name --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. |
|
Required |
Name of the endpoint. To find existing endpoints, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints page. |
Example
- Generate JSON input for the
okv manage-access wallet set-default
command.okv manage-access wallet set-default --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
set_def_wallet.json
) and then edit it so that you can set the default wallet for an endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep" } } }
- Execute the
okv manage-access wallet set-default
command using the generated JSON file.okv manage-access wallet set-default --from-json set_def_wallet.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.15 okv manage-access wallet update Command
The okv manage-access wallet update
command updates a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet update --wallet wallet_name --name new_wallet_name
--description description --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. |
|
Optional |
A new name for the wallet. See Naming Guidelines for Objects. |
|
Optional |
A user-friendly description for the wallet, enclosed within double quotation marks |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet update
command.okv manage-access wallet update --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
update_wallet.json
) and then edit it so that you can update the name and description of a wallet. This example shows how to update the name of a wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "hr_wallet", "name" : "global_hr_wallet", "unique" : "FALSE" } } }
- Execute the
okv manage-access wallet update
command using the generated JSON file.okv manage-access wallet update --from-json update_wallet.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } }
This example shows the output for renaming a wallet in a multi-master cluster. On renaming, a wallet is placed into the
PENDING
state for the duration of the naming conflict resolution.Unless you renamed the wallet in a multi-master cluster, the status and locatorID entries are not included in the output.
Related Topics
Parent topic: Access Management Commands
4.16 okv manage-access wallet update-access Command
The okv manage-access wallet update-access
command updates the level of access that an endpoint or an endpoint group has to a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet update-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name --access RO|RM|RO_MW|RM_MW
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE", "access" : "#RO|RM|RO_MW|RM_MW" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, in the Oracle Key Vault management console, select the Keys & Wallets tab, and then click Wallets in the left navigation bar. |
or
|
Required |
Name of the endpoint or endpoint group. You can only specify either an endpoint or an endpoint group, but not both. To find existing endpoints or endpoint groups, in the Oracle Key Vault management console, select the Endpoints tab and then check the Endpoints or Endpoint Groups page. |
|
Required |
Enter one of the following values:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet update-access
command.okv manage-access wallet update-access --generate-json-input
The generated input appears as follows. This output includes wallet access settings for both endpoints and endpoint groups. When you edit it, you must include either the endpoint settings or the endpoint group settings, but not both.
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE", "access" : "#RO|RM|RO_MW|RM_MW" } } }
- Save the generated input to a file (for example,
update_wallet_access_ep.json
) and then edit it so that you can update the wallet access to an endpoint or an endpoint group. This example shows how to update access of a wallet to an endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep", "access" : "RM" } } }
- Execute the
okv manage-access wallet update-access
command using the generated JSON file.okv manage-access wallet update-access --from-json update_wallet_access_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands