5 Security Object Commands
Endpoints can make use of the security object commands to operate on the managed objects.
- okv managed-object attribute add Command
Theokv managed-object attribute add
command adds one or more attributes to a security object. - okv managed-object attribute delete Command
Theokv managed-object attribute delete
command deletes one or more attributes associated with a security object. - okv managed-object attribute get Command
Theokv managed-object attribute get
command retrieves an attribute or list of attributes of a security object. - okv managed-object attribute get-all Command
Theokv managed-object attribute get-all
command retrieves all attributes of a security object. - okv managed-object object fetch Command
Theokv managed-object fetch
fetches a security object and its attributes together. - okv managed-object attribute list Command
Theokv managed-object attribute list
command retrieves the names of attributes associated with a security object. - okv managed-object attribute modify Command
Theokv managed-object attribute modify
command modifies attributes that are associated with a security object. - okv managed-object certificate get Command
Theokv managed-object certificate get
command retrieves a digital certificate. - okv managed-object certificate register Command
Theokv managed-object certificate register
command registers a certificate. - okv managed-object certificate-request get Command
Theokv managed-object certificate-request get
command retrieves a certificate request. - okv managed-object certificate-request register Command
Theokv managed-object certificate-request register
command registers a certificate request object with Oracle Key Vault. - okv managed-object custom-attribute add Command
Theokv managed-object custom-attribute add
command adds a custom attribute to a security object. - okv managed-object custom-attribute delete Command
Theokv managed-object custom-attribute delete
command deletes a custom attribute of a security object. - okv managed-object custom-attribute modify Command
Theokv managed-object custom-attribute modify
command modifies a custom attribute of a security object. - okv managed-object key create Command
Theokv managed-object key create
command creates a symmetric key. - okv managed-object key get Command
Theokv managed-object key get
command retrieves a symmetric key. - okv managed-object key register Command
Theokv managed-object key register
command registers a symmetric key. - okv managed-object object activate Command
Theokv managed-object object activate
command activates a security object. - okv managed-object object destroy Command
Theokv managed-object object destroy
command requests the server to destroy the key data for a security object. - okv managed-object object locate Command
Theokv managed-object object locate
command locates a security object. - okv managed-object object query Command
Theokv managed-object object query
command identifies supported operations and objects. - okv managed-object object revoke Command
Theokv managed-object object revoke
command revokes a security object. - okv managed-object opaque get Command
Theokv managed-object opaque get
command retrieves an object that contains opaque data. - okv managed-object opaque register Command
Theokv managed-object opaque register
command registers an opaque security object. - okv managed-object private-key get Command
Theokv managed-object private-key get
command retrieves a private key. - okv managed-object private-key register Command
Theokv managed-object private-key register
command registers a private key. - okv managed-object public-key get Command
Theokv managed-object public-key get
command retrieves a public key. - okv managed-object public-key register Command
Theokv managed-object public-key register
command registers a public key. - okv managed-object secret get Command
Theokv managed-object secret get
command retrieves the secret data from a security object of type secret. - okv managed-object secret register Command
Theokv managed-object secret register
command registers secret data such as passwords or random seeds. - okv managed-object wallet add-member Command
Theokv managed-object wallet add-member
command adds a security object to a wallet as its member. - okv managed-object wallet delete-member Command
Theokv managed-object wallet delete-member
command deletes the membership of the managed-object from a wallet. - okv managed-object wallet list Command
Theokv managed-object wallet list
command lists wallets that have their access granted to the endpoint used to connect to Oracle Key Vault.
5.1 okv managed-object attribute add Command
The okv managed-object attribute add
command adds one or more attributes to a security object.
To find the existing attributes for the security object, run the okv managed-object attribute list
command. If you want to create a custom attribute, then use the okv managed-object custom-attribute add
command.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
Uses JSON syntax only: okv managed-object attribute add --generate-json-input
You must use the JSON syntax for this command to specify the attributes. However, you can use the --uuid
parameter at the command line with this command. This is useful for cases where you want to apply the same attribute values to multiple objects. You can re-use the same JSON file and specify different UUIDs at the command line.
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "add", "options" : { "uuid" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "protectStopDate" : "#VALUE", "processStartDate" : "#VALUE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Array of attribute names. You must use the JSON syntax to add an attribute. You cannot specify attributes at the command line. To find the existing attributes for the managed object, run the Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for more details about these attributes. |
JSON Example
- Generate JSON input for the
okv managed-object attribute add
command and save it asadd-attrib.json
.okv managed-object attribute add --generate-json-input > add-attrib.json; more add-attrib.json
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "add", "options" : { "uuid" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "protectStopDate" : "#VALUE", "processStartDate" : "#VALUE" } } } }
- Save the generated input to a file (for example,
add_attribute.json
) and then edit it to include the attributes for the security object. For example:{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "add", "options" : { "uuid" : "2359E04F-DA61-4F7C-BF9F-913D3369A93A", "attributes" : { "contactInfo" : "psmith@example.com", "deactivationDate" : "2024-12-31 09:00:00", "name" : { "value" : "prod-hrdb-mkey", "type" : "text" }, "protectStopDate" : "2024-09-30 09:00:00" } } } }
- Run the
okv managed-object attribute add
command using the generated JSON file.okv managed-object attribute add --from-json add_attribute.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "attributes" : { "contactInfo" : "Added", "deactivationDate" : "Added", "name" : "Added", "protectStopDate" : "Added" } } }
Parent topic: Security Object Commands
5.2 okv managed-object attribute delete Command
The okv managed-object attribute delete
command deletes one or more attributes associated with a security object.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
Uses JSON syntax only: okv managed-object attribute delete --generate-json-input
You must use the JSON syntax for this command to specify the attributes. However, you can use the --uuid
parameter at the command line with this command. This is useful for cases where you want to apply the same attribute values to multiple objects. You can re-use the same JSON file and specify different UUIDs at the command line.
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "attribute", "action": "delete", "options": { "uuid": "#VALUE", "attributes": { "name": { "value": "#VALUE" }, "contactInfo": "#VALUE", "activationDate": "#VALUE", "deactivationDate": "#VALUE", "protectStopDate": "#VALUE", "processStartDate": "#VALUE" } } } }
Parameters
Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Array of attribute names. You must use the JSON syntax to specify the attribute. You cannot specify attributes at the command line. To find the existing attributes for the managed object, run the Attributes that you can delete are as follows:
|
JSON Example
- Generate JSON input for the
okv managed-object attribute delete
command.okv managed-object attribute delete --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "attribute", "action": "delete", "options": { "uuid": "#VALUE", "attributes": { "name": { "value": "#VALUE" }, "contactInfo": "#VALUE", "activationDate": "#VALUE", "deactivationDate": "#VALUE", "protectStopDate": "#VALUE", "processStartDate": "#VALUE" } } } }
- Save the generated input to a file (for example,
del_attribute.json
) and then edit it so that you can delete the attributes associated with a security object.{ "service": { "category": "managed-object", "resource": "attribute", "action": "delete", "options": { "uuid": "2359E04F-DA61-4F7C-BF9F-913D3369A93A", "attributes": { "name": { "value": "PROD-HRDB-MKEY" } } } } }
- Run the
okv managed-object attribute delete
command using the generated JSON file.okv managed-object attribute delete --from-json del_attribute.json
Output similar to the following appears:
{ "result": "Success", "value": { "attributes": { "name": "Deleted" } } }
Parent topic: Security Object Commands
5.3 okv managed-object attribute get Command
The okv managed-object attribute get
command retrieves an attribute or list of attributes of a security object.
Required Authorization
The endpoint must have read permission on the object.
Syntax
Uses JSON syntax only: okv managed-object attribute get --generate-json-input
You must use the JSON syntax for this command to specify the attributes. However, you can use the --uuid
parameter at the command line with this command. This is useful for cases where you want to apply the same attribute values to multiple objects. You can re-use the same JSON file and specify different UUIDs at the command line.
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "get", "options" : { "uuid" : "#VALUE", "attributes" : [ "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME"], "customAttributes" : [ "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME" ] } } }
Parameters
Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Array of attribute names. You must use the JSON syntax to specify the attributes. You cannot specify attributes at the command line. You can retrieve the value of multiple attributes by including additional optional To find the existing attributes for the managed object, run the See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Optional |
Array of custom attributes. You must use the JSON syntax to specify the custom attributes. You cannot specify attributes at the command line. To find the existing attributes for the managed object, run the |
JSON Example
- Generate JSON input for the
okv managed-object attribute get
command.okv managed-object attribute get --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "get", "options" : { "uuid" : "#VALUE", "attributes" : [ "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME" ], "customAttributes" : [ "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME", "#ATTRIBUTE_NAME" ] } } }
- Save the generated input to a file (for example,
get_attribute.json
) and then edit it to retrieve the attributes associated with the security object.{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "get", "options" : { "uuid": "2359E04F-DA61-4F7C-BF9F-913D3369A93A", "attributes": [ "activationDate", "contactInfo", "cryptoUsageMask", "cryptographicAlgorithm", "cryptographicLength", "name", "objectType", "state", "extractable", "neverExtractable" ], "customAttributes" : ["x-ApplicationTag"] } } }
- Run the
okv managed-object attribute get
command using the generated JSON file.okv managed-object attribute get --from-json get_attribute.json
Output similar to the following appears:
{ "result": "Success", "value": { "attributes": { "activationDate": "2020-11-21 01:00:00", "contactInfo": "psmith@example.com", "cryptoUsageMask": [ "ENCRYPT", "DECRYPT" ], "cryptographicAlgorithm": "AES", "cryptographicLength": "256", "extractable" : "false", "name": [ { "type": "text", "value": "PROD-HRDB-MKEY" } ], "neverExtractable" : "TRUE", "objectType": "Symmetric Key", "state": "Active" }, "customAttributes": [ { "index": "1", "name": "x-ApplicationTag", "type": "Text String", "value": "HR-Production" } ] } }
Parent topic: Security Object Commands
5.4 okv managed-object attribute get-all Command
The okv managed-object attribute get-all
command retrieves all attributes of a security object.
Required Authorization
The endpoint must have read permission on the object.
Syntax
okv managed-object attribute get-all --uuid UUID
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "get-all", "options" : { "uuid" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
JSON Example
- Generate JSON input for the
okv managed-object attribute get-all
command.okv managed-object attribute get-all --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "get-all", "options" : { "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_all_attributes.json
) and then edit it to get all the attributes of the security object.{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "get-all", "options" : { "uuid" : "2359E04F-DA61-4F7C-BF9F-913D3369A93A" } } }
- Run the
okv managed-object attribute get-all
command using the generated JSON file.okv managed-object attribute get-all --from-json get_all_attributes.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "attributes" : { "activationDate" : "2020-11-21 01:00:00", "contactInfo" : "psmith@example.com", "cryptoUsageMask" : [ "ENCRYPT", "DECRYPT" ], "cryptographicAlgorithm" : "AES", "cryptographicLength" : "256", "deactivationDate" : "2024-12-31 01:00:00", "digest" : { "algorithm" : "SHA-256", "digestValue" : "EA31657433D91BF79660525131772D838A1128FCE6B49471726EEF5844EFA3F7", "keyFormatType" : "RAW" }, "extractable" : "FALSE", "fresh" : "Yes", "initialDate" : "2020-11-21 00:57:00", "lastChangeDate" : "2020-11-21 20:17:19", "name" : [ { "type" : "text", "value" : "PROD-HRDB-MKEY" } ], "neverExtractable" : "true" "objectType" : "Symmetric Key", "processStartDate" : "2020-11-21 00:57:00", "protectStopDate" : "2024-09-30 09:00:00", "state" : "Active" "uuid" : "2359E04F-DA61-4F7C-BF9F-913D3369A93A" }, "customAttributes" : [ { "index" : "1", "name" : "x-ApplicationTag", "type" : "Text String", "value" : "HR-Production" } ] } }
Parent topic: Security Object Commands
5.5 okv managed-object object fetch Command
The okv managed-object fetch
fetches a security object
and its attributes together.
Required Authorization
System Administrator role
Syntax
okv managed-object object fetch --max max_value --object-group-member object_group_member_type --state state_value --name name_value --custom-attribute custom_attribute_value
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "object", "action" : "fetch", "options" : { "max" : "#VALUE", "objectGroupMember" : "#FRESH|DEFAULT", "attributes" : { "name" : { "value" : "#VALUE" }, "state" : "#PREACTIVE|ACTIVE|DEACTIVATED|COMPROMISED|DESTROYED|DESTROYED_COMPROMISED", "objectType" : "#VALUE", "fresh" : "#YES|NO", "objectGroup" : "#VALUE", "contactInfo" : "#VALUE", "cryptographicAlgorithm" : "#VALUE", "cryptographicLength" : "#VALUE", "cryptoUsageMask" : "#VALUE", "certificateLength" : "#VALUE", "certificateType" : "#VALUE", "x509CertificateSubject" : "#VALUE", "x509CertificateIssuer" : "#VALUE", "digitalSigningAlgorithm" : "#VALUE", "digest" : { "digestValue" : "#VALUE", "algorithm" : "#VALUE", "keyFormatType" : "#VALUE" }, "link" : { "linkType" : "#VALUE", "linkValue" : "#VALUE" }, "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE", "initialDate" : "#VALUE", "lastChangeDate" : "#VALUE", "compromiseDate" : "#VALUE", "compromiseOccurrenceDate" : "#VALUE", "destroyDate" : "#VALUE", "archiveDate" : "#VALUE", "extractable" : "#TRUE|FALSE", "neverExtractable" : "#TRUE|FALSE" }, "customAttributes" : [ { "name" : "#VALUE", "value" : "#VALUE", "type" : "#TEXT|NUMBER" } ] } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Maximum number of objects that this command should return |
|
Optional |
Enter one of the following group values:
|
|
Optional |
Enter one of the following states:
|
|
Required |
Attributes names and their values of the object to locate. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
|
|
Optional |
List of custom attributes of the object to locate. Custom attributes that you can enter are as follows:
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Specifies the name of a security object. The allowed values are :
The default type:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. |
|
|
Specifies when to activate a security object. It has
the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Examples
- Generate JSON input for the
command.
okv managed-object object fetch --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "object", "action" : "fetch", "options" : { "max" : "#VALUE", "objectGroupMember" : "#FRESH|DEFAULT", "attributes" : { "name" : { "value" : "#VALUE" }, "state" : "#PREACTIVE|ACTIVE|DEACTIVATED|COMPROMISED|DESTROYED|DESTROYED_COMPROMISED", "objectType" : "#VALUE", "fresh" : "#YES|NO", "objectGroup" : "#VALUE", "contactInfo" : "#VALUE", "cryptographicAlgorithm" : "#VALUE", "cryptographicLength" : "#VALUE", "cryptoUsageMask" : "#VALUE", "certificateLength" : "#VALUE", "certificateType" : "#VALUE", "x509CertificateSubject" : "#VALUE", "x509CertificateIssuer" : "#VALUE", "digitalSigningAlgorithm" : "#VALUE", "digest" : { "digestValue" : "#VALUE", "algorithm" : "#VALUE", "keyFormatType" : "#VALUE" }, "link" : { "linkType" : "#VALUE", "linkValue" : "#VALUE" }, "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE", "initialDate" : "#VALUE", "lastChangeDate" : "#VALUE", "compromiseDate" : "#VALUE", "compromiseOccurrenceDate" : "#VALUE", "destroyDate" : "#VALUE", "archiveDate" : "#VALUE", "extractable" : "#TRUE|FALSE", "neverExtractable" : "#TRUE|FALSE" }, "customAttributes" : [ { "name" : "#VALUE", "value" : "#VALUE", "type" : "#TEXT|NUMBER" } ] } } }
- Save the generated input to a file, for example,
fetch_obj.json
. - Run the
command using the generated JSON file. For example:
okv managed-object object fetch --custom-attribute --max --name --object-group-member --single-object --state
Output similar to the following appears:
{ "result" : "Success", "value" : [ { "attributes" : { "activationDate" : "2022-07-01 15:54:38", "cryptographicAlgorithm" : "RSA", "cryptographicLength" : "2048", "cryptoUsageMask" : "ENCRYPT", "deactivationDate" : "2030-10-10 10:10:10", "digest" : { "digestValue" : "SHA-256", "keyFormatType" : "RAW", "algorithm" : "B8ACE70487179C70DF3A6D320CA0D52FF7F4FB2D9E41E9542E7D8C0166B3D939" }, "fresh" : "No", "initialDate" : "2022-07-01 15:54:38", "lastChangeDate" : "2022-07-01 17:57:24", "name" : [ { "type" : "private_0701", "value" : "text" } ], "objectType" : "Private Key", "processStartDate" : "2022-07-01 15:54:38", "state" : "Active", "uuid" : "95092BD2-B546-4F9A-BF0B-D8ECDC548546" }, "customAttribute" : [ { "name" : "x-NAME", "index" : "0", "type" : "Text String", "value" : "test4" }, { "name" : "x-ID", "index" : "0", "type" : "Integer", "value" : "1" } ], "object" : "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAyYrcnHs6I51lHheg90qTripWIuVKszoluqnBG0+QRLdLKOMIJjajygXKlT\n04DJSrQliR45oki2s/dgyfsTqpvanjTj7W10O5X2poohlGojumNOmb2p52em55yABUcYOb\nK4Qf5sX4vDpc/iUQAAABFkb3BhcmtAZG9wYXJrLW1hYw==\n-----END OPENSSH PRIVATE KEY-----\n" } ] }
Example Using Output Format Text
okv managed-object object fetch --max max_value --object-group-member object_group_member_type --state state_value --name name_value
Parent topic: Security Object Commands
5.6 okv managed-object attribute list Command
The okv managed-object attribute list
command retrieves the names of attributes associated with a security object.
The okv managed-object attribute list
command shows the key customAttributes
if the object has one or more custom attributes. To find the custom attributes defined for the object, run the okv managed-object attribute get-all
command.
Required Authorization
The endpoint must have read permission on the object.
Syntax
okv managed-object attribute list --uuid UUID
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "attribute", "action": "list", "options": { "uuid": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
JSON Example
- Generate JSON input for the
okv managed-object attribute list
command.okv managed-object attribute list --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "attribute", "action": "list", "options": { "uuid": "#VALUE" } } }
- Save the generated input to a file (for example,
list_attributes.json
) and then edit it to retrieve the list of attributes for the security object.{ "service": { "category": "managed-object", "resource": "attribute", "action": "list", "options": { "uuid": "2359E04F-DA61-4F7C-BF9F-913D3369A93A" } } }
- Run the
okv managed-object attribute list
command using the generated JSON file.okv managed-object attribute list --from-json list_attributes.json
Output similar to the following appears:
{ "result": "Success", "value": { "attributes" : [ "activationDate", "contactInfo", "cryptoUsageMask", "cryptographicAlgorithm", "cryptographicLength", "deactivationDate", "digest", "extractable", "fresh", "initialDate", "lastChangeDate", "name", "neverExtractable", "objectType", "processStartDate", "protectStopDate", "state" "uuid" ], "customAttributes" : [ "x-ApplicationTag" ] } }
Parent topic: Security Object Commands
5.7 okv managed-object attribute modify Command
The okv managed-object attribute modify
command modifies attributes that are associated with a security object.
To find the existing attributes for the managed object, run the okv managed-object attribute list
command.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
okv managed-object attribute modify --generate-json-input
You must use the JSON syntax for this command to specify the attributes. However, you can use the --uuid
parameter at the command line with this command. This is useful for cases where you want to apply the same attribute values to multiple objects. You can re-use the same JSON file and specify different UUIDs at the command line.
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "modify", "options" : { "uuid" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "newValue" : "#VALUE", "newType" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "protectStopDate" : "#VALUE", "processStartDate" : "#VALUE", "extractable" : "#TRUE|FALSE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Attribute names and their values. You must use the JSON syntax to specify the attribute. You cannot specify attributes at the command line. To find the existing attributes for the managed object, run the Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
JSON Example
- Generate JSON input for the
okv managed-object attribute modify
command.okv managed-object attribute modify --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "modify", "options" : { "uuid" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "newValue" : "#VALUE", "newType" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "protectStopDate" : "#VALUE", "processStartDate" : "#VALUE", "extractable" : "#TRUE|FALSE" } } } }
- Save the generated input to a file (for example,
modify_attributes.json
) and then edit it to modify the attributes that are associated with the security object.{ "service" : { "category" : "managed-object", "resource" : "attribute", "action" : "modify", "options" : { "uuid" : "2359E04F-DA61-4F7C-BF9F-913D3369A93A", "attributes" : { "name" : { "value" : "PROD-HRDB-MKEY", "newValue" : "PROD-GLOBAL-HRDB-MKEY", "newType" : "text" }, "contactInfo" : "jscott@example.com", "deactivationDate" : "2024-07-31 09:00:00", "protectStopDate" : "2024-04-30 09:00:00", "extractable" : "FALSE" } } } }
- Run the
okv managed-object attribute modify
command using the generated JSON file.okv managed-object attribute modify --from-json modify_attributes.json
Output similar to the following appears:
{ "result": "Success", "value": { "attributes": { "contactInfo": "Modified", "deactivationDate": "Modified", "name": "Modified", "protectStopDate": "Modified", "extractable" : "Modified" } } }
Parent topic: Security Object Commands
5.8 okv managed-object certificate get Command
The okv managed-object certificate get
command retrieves a
digital certificate.
Required Authorization
The endpoint must have read permission on the certificate object.
Syntax
okv managed-object certificate get--output_format OUTPUT_FORMAT --uuid UUID
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "certificate", "action": "get", "options": { "uuid": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the certificate. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object certificate get
command.okv managed-object certificate get --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "certificate", "action": "get", "options": { "uuid": "#VALUE" } } }
- Save the generated input to a file (for example,
get_cert.json
) and then edit it to retrieve the specified certificate.{ "service": { "category": "managed-object", "resource": "certificate", "action": "get", "options": { "uuid": "EEED2C4F-33D7-4F9A-BF02-52DD2225A43A" } } }
- Run the
okv managed-object certificate get
command using the generated JSON file.okv managed-object certificate get --from-json get_cert.json
Output similar to the following appears:
{ "result": "Success", "value": { "object": "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgICfVEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCdXMx\nEzARB << output truncated >> AYP\n4vwrDwBdNdGtj36GqjuCpz/xCVM9ieSRxJU8\n-----END CERTIFICATE-----" } }
Example Using Text as Output Format
okv managed-object certificate get --output_format text --uuid EEED2C4F-33D7-4F9A-BF02-52DD2225A43A
Output
Output similar to the following appears:
-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgICfVEwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCdXMx\nEzARB << output truncated >> AYP\n4vwrDwBdNdGtj36GqjuCpz/xCVM9ieSRxJU8\n-----END CERTIFICATE-----
Parent topic: Security Object Commands
5.9 okv managed-object certificate register Command
The okv managed-object certificate register
command
registers a certificate.
Required Authorization
None
Syntax
okv managed-object certificate register --object certificate_file_path --type certificate_type --sub-type certificate_sub_type --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --private-key-uuid private_key_uuid --wallet wallet_name --actiovation-date activation_date --deactiovation-date deactivation_date
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "certificate", "action" : "register", "options" : { "object" : "#VALUE", "algorithm" : "#RSA", "length" : "#1024,2048,4096(RSA)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "type" : "X_509", "subType" : "#USER_CERT|TRUSTPOINT", "privateKeyUUID" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
File path to the certificate object. |
|
Required |
Type of certificate. Enter the following value: |
|
Optional |
Sub-type of the certificate. Choose from the following values:
|
|
Optional |
Cryptographic algorithm of the public key contained in the certificate. If you omit this parameter, then the algorithm is retrieved from the certificate file that is being uploaded. Enter the following value:
|
|
Optional |
Length of the public key contained in the certificate. If you omit this parameter, then the key length is retrieved from the certificate file that being uploaded. Choose from the following values:
|
|
Required |
Cryptographic usage mask, enclosed in double quotation marks. Choose from the following values:
The default values are:
|
|
Optional |
Universally unique ID (UUID) of the private key associated with the certificate object. To find the unique identifier for the key, run the |
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
|
Optional |
Attribute names and their values. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. To find the existing attributes for the managed object, run the You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
CLI Example
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.okv managed-object certificate register --type X_509 --private-key-uuid 95092BD2-B546-4F9A-BF0B-D8ECDC548546 --algorithm RSA --mask "ENCRYPT" --object /Users/dopark/test/my.crt --name cert_0701 --activation-date now --deactivation-date "2030-10-10 10:10:10
JSON Example
- Generate JSON input for the
okv managed-object certificate register
command.okv managed-object certificate register --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "certificate", "action" : "register", "options" : { "object" : "#VALUE", "algorithm" : "#RSA", "length" : "#1024,2048,4096(RSA)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "subType" : "#USER_CERT|TRUSTPOINT", "privateKeyUUID" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
- Save the generated input to a file (for example,
reg_cert.json
) and then edit it to register the specified certificate.{ "service" : { "category" : "managed-object", "resource" : "certificate", "action" : "register", "options" : { "object" : "./cert.pem", "algorithm" : "RSA", "length" : "2048", "mask" : [ "ENCRYPT"], "type" : "X_509", "subType" : "USER_CERT", "privateKeyUUID" : "D497994E-74CD-4F60-BF7C-52F254142705", "wallet" : "hr_wallet", "attributes" : { "name" : { "value" : "FINDB-PROD-CERT", "type" : "text" }, "contactInfo" : "psmith@example.com" "activationDate" : "2020-12-31 09:00:00", "deactivationDate" : "2024-12-31 09:00:00", "processStartDate" : "2020-12-31 09:00:00", "protectStopDate" : "2024-12-31 09:00:00" } } } }
- Run the
okv managed-object certificate register
command using the generated JSON file.okv managed-object certificate register --from-json reg_cert.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "uuid" : "EEED2C4F-33D7-4F9A-BF02-52DD2225A43A" } }
Example Using Text as Output Format
okv managed-object certificate register --output_format text --object certificate_file_path --type certificate_type --sub-type certificate_sub_type --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --private-key-uuid private_key_uuid --wallet wallet_name
Output
Output similar to the following appears:
"EEED2C4F-33D7-4F9A-BF02-52DD2225A43A"
Parent topic: Security Object Commands
5.10 okv managed-object certificate-request get Command
The okv managed-object certificate-request get
command
retrieves a certificate request.
Required Authorization
The endpoint must have read permission on the certificate request object.
Syntax
okv managed-object certificate-request get --output_format OUTPUT_FORMAT --uuid UUID
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "certificate-request", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the certificate request. To find the unique identifier for the certificate request, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
Note: Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command. |
JSON Example
- Generate JSON input for the
okv managed-object certificate-request get
command.okv managed-object certificate-request get --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "certificate-request", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_cert_req.json
) and then edit it to specify the UUID of the certificate request.{ "service" : { "category" : "managed-object", "resource" : "certificate-request", "action" : "get", "options" : { "uuid" : "BC0E9004-82E0-4FFA-BFF2-29A67DDD5C64" } } }
- Run the
okv managed-object certificate-request get
command using the generated JSON file.okv managed-object certificate-request get --from-json get_cert_req.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "object" : "-----BEGIN NEW CERTIFICATE REQUEST-----\nMIIC5TCCAc0CAQAwdDELMAkGA1UEBhMCdXMxEzARBgNVBAgTCkNhbGlmb3JuaWEx << output truncated >> \nDtWoeZfNYHcWPFmHK8aiLCgzeFG62xRdyg==\n-----END NEW CERTIFICATE REQUEST-----" } }
Example Using Text as Output Format
okv managed-object certificate-request get --output_format text --uuid BC0E9004-82E0-4FFA-BFF2-29A67DDD5C64
Output
Output similar to the following appears:
"-----BEGIN NEW CERTIFICATE REQUEST-----\nMIIC5TCCAc0CAQAwdDELMAkGA1UEBhMCdXMxEzARBgNVBAgTCkNhbGlmb3JuaWEx << output truncated >> \nDtWoeZfNYHcWPFmHK8aiLCgzeFG62xRdyg==\n-----END NEW CERTIFICATE REQUEST-----"
Parent topic: Security Object Commands
5.11 okv managed-object certificate-request register Command
The okv managed-object certificate-request register
command registers a certificate request object with Oracle Key Vault.
Required Authorization
None
Syntax
okv managed-object certificate-request register --object
certificate_requeset_file_path --type certificate_requeset_type
--private-key-uuid private_key_uuid --wallet wallet_name
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "certificate-request", "action" : "register", "options" : { "type" : "#CRMF,PKCS10,PEM,PGP", "object" : "#VALUE", "privateKeyUUID" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
File path to the certificate request object. |
|
Optional |
Type of certificate request. Choose from the following values:
|
|
Optional |
Universally unique ID (UUID) of the private key associated with the certificate request to be registered. To find the unique identifier for the key, run the |
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Attribute names and their values.
Enclose this value in double quotation marks if the value contains spaces,
slashes, or colons. To find the existing attributes for the managed object, run
the You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See
Key Management Interoperability
Protocol Specification Version 1.1 for details about these
attributes.
|
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.CLI Example
okv managed-object certificate-request register --name "FINDB-PROD-CERTREQ" --custom-attribute "x-local-name:HR" --activation-date "2020-12-31 09:00:00" --deactivation-date "2024-12-31 09:00:00
JSON Example
- Generate JSON input for the
okv managed-object certificate-request register
command.okv managed-object certificate-request register --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "certificate-request", "action" : "register", "options" : { "type" : "#CRMF,PKCS10,PEM,PGP", "object" : "#VALUE", "privateKeyUUID" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
- Save the generated input to a file (for example,
reg_cert_req.json
) and then edit it to specify the appropriate certificate request values.{ "service" : { "category" : "managed-object", "resource" : "certificate-request", "action" : "register", "options" : { "type" : "PEM", "object" : "./cert_req.pem", "privateKeyUUID" : "D497994E-74CD-4F60-BF7C-52F254142705", "wallet" : "hr_wallet", "attributes" : { "name" : { "value" : "FINDB-PROD-CERTREQ", "type" : "text" }, "contactInfo" : "psmith@example.com" "activationDate" : "2020-12-31 09:00:00", "deactivationDate" : "2024-12-31 09:00:00", "processStartDate" : "2020-12-31 09:00:00", "protectStopDate" : "2024-12-31 09:00:00" } } } }
- Run the
okv managed-object certificate-request register
command using the generated JSON file.okv managed-object certificate-request register --from-json reg_cert_req.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "uuid" : "BC0E9004-82E0-4FFA-BFF2-29A67DDD5C64" } }
Example Using Text as Output Format
okv managed-object certificate-request register --output_format text --object "./cert_req.pem" --type "PEM" --private-key-uuid "D497994E-74CD-4F60-BF7C-52F254142705" --wallet hr_wallet --activation-date now --name hr_csr --custom-attribute "x-local-name:HR"
Output
Output similar to the following appears:
"BC0E9004-82E0-4FFA-BFF2-29A67DDD5C64"
Parent topic: Security Object Commands
5.12 okv managed-object custom-attribute add Command
The okv managed-object custom-attribute add
command adds a custom attribute to a security object.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
Uses JSON syntax only: okv managed-object custom-attribute add --generate-json-input
You must use the JSON syntax for this command to specify the attributes. However, you can use the --uuid
parameter at the command line with this command. This is useful for cases where you want to apply the same attribute values to multiple objects. You can re-use the same JSON file and specify different UUIDs at the command line.
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "add", "options" : { "uuid" : "#VALUE", "customAttribute" : { "name" : "#VALUE", "value" : "#VALUE", "type" : "#TEXT|NUMBER" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Custom attribute name. Include the prefix You must specify these values for the custom attribute:
See Key Management Interoperability Protocol Specification Version 1.1 for details about JSON attributes. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. |
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object custom-attribute add
command.okv managed-object custom-attribute add --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "add", "options" : { "uuid" : "#VALUE", "customAttribute" : { "name" : "#VALUE", "value" : "#VALUE", "type" : "#TEXT|NUMBER" } } } }
- Save the generated input to a file (for example,
add_cust_attr.json
) and then edit it to include the custom attribute to the security object.{ "service": { "category": "managed-object", "resource": "custom-attribute", "action": "add", "options": { "uuid": "3C695846-BB8D-4FD2-BFC4-E646ACB60404", "customAttribute": { "name": "x-ApplicationTag", "value": "HR-Production", "type": "TEXT" } } } }
- Run the
okv managed-object custom-attribute add
command using the generated JSON file.okv managed-object custom-attribute add --from-json add_cust_attr.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Security Object Commands
5.13 okv managed-object custom-attribute delete Command
The okv managed-object custom-attribute delete
command deletes a custom attribute of a security object.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
Uses JSON syntax only: okv managed-object custom-attribute delete --generate-json-input
You must use the JSON syntax for this command to specify the attributes. However, you can use the --uuid
parameter at the command line with this command. This is useful for cases where you want to apply the same attribute values to multiple objects. You can re-use the same JSON file and specify different UUIDs at the command line.
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "delete", "options" : { "uuid" : "#VALUE", "customAttribute" : { "name" : "#VALUE", "index" : "#VALUE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Custom attribute name and its index. You must use the JSON syntax to specify the attribute. You cannot specify attributes at the command line. To find the existing attributes for a managed object, run the You must specify these values for the attribute:
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
JSON Example
- Generate JSON input for the
okv managed-object custom-attribute delete
command.okv managed-object custom-attribute delete --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "delete", "options" : { "uuid" : "#VALUE", "customAttribute" : { "name" : "#VALUE", "index" : "#VALUE" } } } }
- Save the generated input to a file (for example,
del_cust_attr.json
) and then edit it so that you can delete the custom attribute.{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "delete", "options" : { "uuid" : "2359E04F-DA61-4F7C-BF9F-913D3369A93A", "customAttribute" : { "name" : "x-ApplicationTag", "index" : "1" } } } }
- Run the
okv managed-object custom-attribute delete
command using the generated JSON file.okv managed-object custom-attribute delete --from-json del_cust_attr.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Security Object Commands
5.14 okv managed-object custom-attribute modify Command
The okv managed-object custom-attribute modify
command modifies a custom attribute of a security object.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
Uses JSON syntax only: okv managed-object custom-attribute modify --generate-json-input
You must use the JSON syntax for this command to specify the attributes. However, you can use the --uuid
parameter at the command line with this command. This is useful for cases where you want to apply the same attribute values to multiple objects. You can re-use the same JSON file and specify different UUIDs at the command line.
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "modify", "options" : { "uuid" : "#VALUE", "customAttribute" : { "name" : "#VALUE", "newValue" : "#VALUE", "index" : "#VALUE" } } } }
Parameters
Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Custom attribute name, value, and index. You must use the JSON syntax to specify the attribute. You cannot specify attributes at the command line. To find the existing attributes for the managed object, run the You cannot specify attributes at the command line. You must use the JSON syntax to modify a custom attribute. You must specify these values for the attribute:
See Key Management Interoperability Protocol Specification Version 1.1 for details about JSON attributes. |
JSON Example
- Generate JSON input for the
okv managed-object custom-attribute modify
command.okv managed-object custom-attribute modify --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "modify", "options" : { "uuid" : "#VALUE", "customAttribute" : { "name" : "#VALUE", "newValue" : "#VALUE", "index" : "#VALUE" } } } }
- Save the generated input to a file (for example,
modify_cust_attr.json
) and then edit it to modify the custom attribute.{ "service" : { "category" : "managed-object", "resource" : "custom-attribute", "action" : "modify", "options" : { "uuid" : "2359E04F-DA61-4F7C-BF9F-913D3369A93A", "customAttribute" : { "name" : "x-ApplicationTag", "newValue" : "Global-HR-Production", "index" : "1" } } } }
- Run the
okv managed-object custom-attribute modify
command using the generated JSON file.okv managed-object custom-attribute modify --from-json modify_cust_attr.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Security Object Commands
5.15 okv managed-object key create Command
The okv managed-object key create
command creates a
symmetric key.
Required Authorization
None
Syntax
okv managed-object key create --algorithm cryptographic_algorithm --length key_length --mask crypographic_usage_mask --wallet wallet_name --name name_value --custom-attrbute custom_attribute_value --activation-date activation_date --deactivation-date deactivation_date
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "key", "action": "create", "options": { "algorithm": "#3DES|AES", "length": "#112,168(3DES)|128,192,256(AES)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "wallet": "#VALUE", "attributes": { "extractable" : "#TRUE|FALSE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
Cryptographic algorithm. Choose from the following values:
|
|
Optional |
Key length for the algorithm. Choose from the following values:
|
|
Optional |
Cryptographic usage mask, enclosed in double quotation marks. Choose from the following values:
|
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Sets the
If you do not set the |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. |
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.Example without using JSON
okv managed-object key create --length 128 --algorithm AES --mask"ENCRYPT" --name dw_0706
JSON Example
- Generate JSON input for the
okv managed-object key create
command.okv managed-object key create --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "key", "action": "create", "options": { "algorithm": "#3DES|AES", "length": "#112,168(3DES)|128,192,256(AES)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "wallet": "#VALUE", "attributes": { "extractable" : "#TRUE|FALSE" } } } }
- Save the generated input to a file (for example,
create_key.json
) and then edit it to create the key.{ "service": { "category": "managed-object", "resource": "key", "action": "create", "options": { "algorithm": "AES", "length": "256", "mask": [ "ENCRYPT", "DECRYPT" ], "wallet": "hr_wallet", "attributes": { "extractable" : "FALSE" } } } }
- Run the
okv managed-object key create
command using the generated JSON file.okv managed-object key create --from-json create_key.json
Output similar to the following appears:
{ "result": "Success", "value": { "uuid": "2359E04F-DA61-4F7C-BF9F-913D3369A93A" } }
Example Using Text as Output Format
okv managed-object key create --output_format text --algorithm cryptographic_algorithm --length key_length --mask crypographic_usage_mask --wallet wallet_name
Output
Output similar to the following appears:
"2359E04F-DA61-4F7C-BF9F-913D3369A93A"
Parent topic: Security Object Commands
5.16 okv managed-object key get Command
The okv managed-object key get
command retrieves a
symmetric key.
Required Authorization
The endpoint must have read permission on the key object.
Syntax
okv managed-object key get --output_format OUTPUT_FORMAT --uuid UUID
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "key", "action": "get", "options": { "uuid": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the key. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. |
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object key get
command.okv managed-object key get --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "key", "action": "get", "options": { "uuid": "#VALUE" } } }
- Save the generated input to a file (for example,
get_key.json
) and then edit it to get the specified key.{ "service": { "category": "managed-object", "resource": "key", "action": "get", "options": { "uuid": "2359E04F-DA61-4F7C-BF9F-913D3369A93A" } } }
- Run the
okv managed-object key get
command using the generated JSON file.okv managed-object key get --from-json get_key.json
Output similar to the following appears:
{ "result": "Success", "value": { "object": "E7A641D77DDAF074C62E7A2C2355F2B8D9CD49486E6AF7F38A22CBDEC91630D0" } }
If the symmetric key is not extractable, then the following message appears:
{ "result" : "Failure", "message" : "Operation Result Status: Operation Failed, Result Reason: Unavailable" }
Example Using Text as Output Format
okv managed-object certificate-request get --output_format text --uuid 2359E04F-DA61-4F7C-BF9F-913D3369A93A
Output
Output similar to the following appears:
"E7A641D77DDAF074C62E7A2C2355F2B8D9CD49486E6AF7F38A22CBDEC91630D0"
Parent topic: Security Object Commands
5.17 okv managed-object key register Command
The okv managed-object key register
command registers a
symmetric key.
Required Authorization
None
Syntax
okv managed-object key register --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --object key_file_path --wallet wallet_name --name name_value --custom-attrbute custom_attribute_value --activation-date activation_date --deactivation-date deactivation_date
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "key", "action" : "register", "options" : { "length" : "#112,168(3DES)|128,192,256(AES)", "object" : "#VALUE", "algorithm" : "#3DES|AES", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE", "extractable" : "#TRUE|FALSE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
Cryptographic algorithm. Choose from the following values:
|
|
Optional |
Key length for the algorithm. Choose from the following values:
|
|
Optional |
Cryptographic usage mask, enclosed in double quotation marks. Choose from the following values:
|
|
Required |
File path to the symmetric key object. |
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Attribute names and their values. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. To find the existing attributes for the managed object, run the You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.Example without using JSON
okv managed-object key register
--length 128 --object/Users/dopark/test/my.key --algorithm AES
--mask "ENCRYPT" --name dw_0701--activation-date now --deactivation-date "2030-10-10 10:10:10"
okv managed-object key register --name
'{"value" : "dw_key_2"}'--activation-date --deactivation-date
okv managed-object key register --name
'{"value" : "dw_key_2", "type" :"uri"}' --activation-date --deactivation-date
okv managed-object key register --name
'{"value" : "dw_key_2", "type" :"text"}' --activation-date --deactivation-date
okv managed-object key register --name
'{"value" : "dw_key_2", "type" :"uri"}' --custom-attribute '[ { "name": "x-OKV
Private Key UID", "value" :"CA8075A4-C13F-4FD0-BF58-FDB984CC879A"}, { "name":
"x-NAME2", "value" :"11111"} ] ' --activation-date
--deactivation-date
JSON Example
- Generate JSON input for the
okv managed-object key register
command.okv managed-object key register --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "key", "action" : "register", "options" : { "length" : "#112,168(3DES)|128,192,256(AES)", "object" : "#VALUE", "algorithm" : "#3DES|AES", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE", "extractable" : "#TRUE|FALSE" } } } }
- Save the generated input to a file (for example,
reg_key.json
) and then edit it to register the key.{ "service": { "category": "managed-object", "resource": "key", "action": "register", "options": { "length": "256", "object": "./object.txt", "algorithm": "AES", "mask": [ "ENCRYPT", "DECRYPT" ], "wallet": "hr_wallet", "attributes": { "name": { "value": "FINDB-PROD-MKEY", "type": "text" }, "contactInfo" : "pfitch@example.com" "activationDate" : "2020-12-31 09:00:00", "deactivationDate" : "2024-12-31 09:00:00", "processStartDate" : "2020-12-31 09:00:00", "protectStopDate" : "2024-12-31 09:00:00", "extractable" : "FALSE" } } } }
- Run the
okv managed-object key register
command using the generated JSON file.okv managed-object key register --from-json reg_key.json
Output similar to the following appears:
{ "result": "Success", "value": { "uuid": "39BE0215-5D7B-4F38-BF5F-FC87C82AA004" } }
Example Using Text as Output Format
okv managed-object key register --output_format text --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --object key_file_path --wallet wallet_name
Output
Output similar to the following appears:
"39BE0215-5D7B-4F38-BF5F-FC87C82AA004"
Parent topic: Security Object Commands
5.18 okv managed-object object activate Command
The okv managed-object object activate
command activates a
security object.
See Oasis Key Management Interoperability Protocol Specification Version 1.1 Oasis Standard for various states that a security object can be in.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
okv managed-object object activate --uuid UUID
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "object", "action": "activate", "options": { "uuid": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object managed-object activate
command.okv managed-object object activate --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "object", "action": "activate", "options": { "uuid": "#VALUE" } } }
- Save the generated input to a file (for example,
activate_object.json
) and then edit it to activate the security object.{ "service": { "category": "managed-object", "resource": "object", "action": "activate", "options": { "uuid": "2359E04F-DA61-4F7C-BF9F-913D3369A93A" } } }
- Run the
okv managed-object managed-object activate
command using the generated JSON file.okv managed-object object activate --from-json activate_object.json
Output similar to the following appears:
{ "result": "Success" }
Example Using Output Format Text
okv managed-object object activate --output_format text --uuid UUID
Output
- exit code 0 - Indicates Success
- exit code 1- Indicates Failure
Parent topic: Security Object Commands
5.19 okv managed-object object destroy Command
The okv managed-object object destroy
command requests the
server to destroy the key data for a security object.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
okv managed-object object destroy --uuid UUID
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "object", "action": "destroy", "options": { "uuid": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object object destroy
command.okv managed-object object destroy --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "object", "action": "destroy", "options": { "uuid": "#VALUE" } } }
- Save the generated input to a file (for example,
destroy_obj.json
) and then edit it so that you can destroy the security object data.{ "service": { "category": "managed-object", "resource": "object", "action": "destroy", "options": { "uuid": "B36F3AD1-0AC7-4FEB-BF32-79E6F727ECB2" } } }
- Run the
okv managed-object object destroy
command using the generated JSON file.okv managed-object object destroy --from-json destroy_obj.json
Output similar to the following appears:
{ "result": "Success" }
Example Using Output Format Text
okv managed-object object destroy --output_format text --uuid UUID
Output
- exit code 0 - Indicates Success
- exit code 1- Indicates Failure
Parent topic: Security Object Commands
5.20 okv managed-object object locate Command
The okv managed-object object locate
command locates a
security object.
Required Authorization
The endpoint must have read permission on the objects.
Syntax
okv managed-object object locate --output_format text --max max_value --object-group-member object_group_member_type --state state_value --name name_value --custom-attribute custom_attributes_value
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "object", "action" : "locate", "options" : { "max" : "#VALUE", "objectGroupMember" : "#FRESH|DEFAULT", "attributes" : { "name" : { "value" : "#VALUE" }, "state" : "#PREACTIVE|ACTIVE|DEACTIVATED|COMPROMISED|DESTROYED|DESTROYED_COMPROMISED", "objectType" : "#VALUE", "fresh" : "#YES|NO", "objectGroup" : "#VALUE", "contactInfo" : "#VALUE", "cryptographicAlgorithm" : "#VALUE", "cryptographicLength" : "#VALUE", "cryptoUsageMask" : "#VALUE", "certificateLength" : "#VALUE", "certificateType" : "#VALUE", "x509CertificateSubject" : "#VALUE", "x509CertificateIssuer" : "#VALUE", "digitalSigningAlgorithm" : "#VALUE", "digest" : { "digestValue" : "#VALUE", "algorithm" : "#VALUE", "keyFormatType" : "#VALUE" }, "link" : { "linkType" : "#VALUE", "linkValue" : "#VALUE" }, "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE", "initialDate" : "#VALUE", "lastChangeDate" : "#VALUE", "compromiseDate" : "#VALUE", "compromiseOccurrenceDate" : "#VALUE", "destroyDate" : "#VALUE", "archiveDate" : "#VALUE", "extractable" : "#TRUE|FALSE", "neverExtractable" : "#TRUE|FALSE" }, "customAttributes" : [ { "name" : "#VALUE", "value" : "#VALUE", "type" : "#TEXT|NUMBER" } ] } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Maximum number of objects that this command should return |
|
Optional |
Enter one of the following group values:
|
|
Optional |
Enter one of the following states:
|
|
Optional |
Name of the object to locate. |
|
Required |
Attributes names and their values of the object to locate. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
|
|
Optional |
List of custom attributes of the object to locate. Custom attributes that you can enter are as follows:
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object object locate
command.okv managed-object object locate --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "object", "action" : "locate", "options" : { "max" : "#VALUE", "objectGroupMember" : "#FRESH|DEFAULT", "attributes" : { "name" : { "value" : "#VALUE" }, "state" : "#PREACTIVE|ACTIVE|DEACTIVATED|COMPROMISED|DESTROYED|DESTROYED_COMPROMISED", "objectType" : "#VALUE", "fresh" : "#YES|NO", "objectGroup" : "#VALUE", "contactInfo" : "#VALUE", "cryptographicAlgorithm" : "#VALUE", "cryptographicLength" : "#VALUE", "cryptoUsageMask" : "#VALUE", "certificateLength" : "#VALUE", "certificateType" : "#VALUE", "x509CertificateSubject" : "#VALUE", "x509CertificateIssuer" : "#VALUE", "digitalSigningAlgorithm" : "#VALUE", "digest" : { "digestValue" : "#VALUE", "algorithm" : "#VALUE", "keyFormatType" : "#VALUE" }, "link" : { "linkType" : "#VALUE", "linkValue" : "#VALUE" }, "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE", "initialDate" : "#VALUE", "lastChangeDate" : "#VALUE", "compromiseDate" : "#VALUE", "compromiseOccurrenceDate" : "#VALUE", "destroyDate" : "#VALUE", "archiveDate" : "#VALUE", "extractable" : "#TRUE|FALSE", "neverExtractable" : "#TRUE|FALSE" }, "customAttributes" : [ { "name" : "#VALUE", "value" : "#VALUE", "type" : "#TEXT|NUMBER" } ] } } }
- Save the generated input to a file (for example,
locate_obj.json
) and then edit it to locate the security object.{ "service" : { "category" : "managed-object", "resource" : "object", "action" : "locate", "options" : { "max" : "10", "objectGroupMember" : "FRESH", "attributes" : { "state": "ACTIVE", "name": { "value": "key8" }, "fresh" : "Yes", "activationDate": "2021-04-10 07:16:00", "link" : { "linkType" : "Replaced Object Link", "linkValue" : "6B13B7B3-BE61-4FF6-BFB0-4108231392F8" }, "extractable" : "FALSE", "neverExtractable" : "TRUE" }, "customAttributes" : [{ "name": "x-test_1", "value": "test_1", "type": "TEXT" }, { "name": "x-number", "value": "1", "type": "NUMBER" }] } } }
- Run the
okv managed-object object locate
command using the generated JSON file.okv managed-object object locate --from-json locate_obj.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "uuids" : [ "6C51CC04-BFA5-4FBD-BFB4-12DCCECAA355" ] } }
Example Using Output Format Text
okv managed-object object locate --output_format text --max max_value --object-group-member object_group_member_type --state state_value --name name_value
Output
Output similar to the following appears:
"6C51CC04-BFA5-4FBD-BFB4-12DCCECAA355"
Parent topic: Security Object Commands
5.21 okv managed-object object query Command
The okv managed-object object query
command identifies supported operations and objects.
Required Authorization
None
Syntax
okv managed-object object query
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "object", "action": "query" } }
Parameters
None
JSON Example
- Generate JSON input for the
okv managed-object object query
command.okv managed-object object query --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "object", "action": "query" } }
- Save the generated input to a file (for example,
query_obj.json
). - Run the
okv managed-object object query
command using the generated JSON file.okv managed-object object query --from-json query_obj.json
Output similar to the following appears:
{ "result": "Success", "value": { "objects": [ "Symmetric Key", "Template", "Secret Data", "Opaque Object", "Certificate" ], "operations": [ "Create", "Register", "Re-key", "Locate", "Check", "Get", "Get Attributes", "Get Attribute List", "Add Attribute", "Modify Attribute", "Delete Attribute", "Activate", "Revoke", "Destroy", "Query", "Discover Versions" ] } }
Parent topic: Security Object Commands
5.22 okv managed-object object revoke Command
The okv managed-object object revoke
command revokes a
security object.
Required Authorization
The endpoint must have read-modify permission on the object.
Syntax
okv managed-object object revoke --code code --reason reason --compromise-occurrence-date date --uuid UUID
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "object", "action": "revoke", "options": { "code": "#UNSPECIFIED|KEY_COMPROMISE|CA_COMPROMISE|AFFILIATION_CHANGED|SUPERSEDED|CESSATION_OF_OPERATION|PRIVILEGE_WITHDRAWN", "reason": "#VALUE", "compromiseOccurrenceDate": "#VALUE", "uuid": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
Enter one of the following values:
|
|
Required |
Description of the reason for the revocation |
|
Optional |
Date the compromise took place. This setting is used only if |
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object object revoke
command.okv managed-object object revoke --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "object", "action": "revoke", "options": { "code": "#UNSPECIFIED|KEY_COMPROMISE|CA_COMPROMISE|AFFILIATION_CHANGED|SUPERSEDED|CESSATION_OF_OPERATION|PRIVILEGE_WITHDRAWN", "reason": "#VALUE", "compromiseOccurrenceDate": "#VALUE", "uuid": "#VALUE" } } }
- Save the generated input to a file (for example,
revoke_obj.json
) and then edit it so that you can revoke the security object privileges.{ "service": { "category": "managed-object", "resource": "object", "action": "revoke", "options": { "code": "KEY_COMPROMISE", "reason": "security incidence", "compromiseOccurrenceDate": "2020-11-20 10:34:29", "uuid": "E4CA6A16-B3CD-4F98-BF25-4A0EF482B8B8" } } }
- Run the
okv managed-object object revoke
command using the generated JSON file.okv managed-object object revoke --from-json revoke_obj.json
Output similar to the following appears:
{ "result": "Success" }
Example Using Output Format Text
okv managed-object object revoke --output_format text --code code --reason reason --compromise-occurrence-date date --uuid UUID
Output
- exit code 0 - Indicates Success
- exit code 1- Indicates Failure
Parent topic: Security Object Commands
5.23 okv managed-object opaque get Command
The okv managed-object opaque get
command retrieves an
object that contains opaque data.
Required Authorization
The endpoint must have read permission on the object.
Syntax
okv managed-object opaque get --output_format OUTPUT_FORMAT --uuid UUID
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "opaque", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object opaque get
command.okv managed-object opaque get --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "opaque", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_opaque_object.json
) and then edit it to retrieve the data from the opaque object.{ "service" : { "category" : "managed-object", "resource" : "opaque", "action" : "get", "options" : { "uuid" : "2359E04F-DA61-4F7C-BF9F-913D3369A93A" } } }
- Run the
okv managed-object opaque get
command using the generated JSON file.okv managed-object opaque get --from-json get_opaque_object.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "object" : "2D2D2D2D2D424547494E2050524956415445204B45592D2D2D2D2D0A4D494945765149424144414E42676B71686B6947397730424151454641415343424B637767675363 <<<< Output Truncated>>>> 7067533170633634656D3630686C72336B786C593858665734317A594A450A724546334C652F4A4F4B4968674A754C367352734C67553D0A2D2D2D2D2D454E442050524956415445204B45592D2D2D2D2D0A" } }
Example Using Output Format Text
okv managed-object opaque get --output_format text --uuid 2359E04F-DA61-4F7C-BF9F-913D3369A93A
Output
Output similar to the following appears:
2D2D2D2D2D424547494E2050524956415445204B45592D2D2D2D2D0A4D494945765149424144414E42676B71686B6947397730424151454641415343424B637767675363 <<<< Output Truncated>>>> 7067533170633634656D3630686C72336B786C593858665734317A594A450A724546334C652F4A4F4B4968674A754C367352734C67553D0A2D2D2D2D2D454E442050524956415445204B45592D2D2D2D2D0A
Parent topic: Security Object Commands
5.24 okv managed-object opaque register Command
The okv managed-object opaque register
command registers an
opaque security object.
Objects containing opaque data are not necessarily interpreted by the server.
Required Authorization
None
Syntax
okv managed-object opaque register --object object_name --wallet wallet_name --name name_value --custom-attrbute custom_attribute_value --activation-date activation_date--deactivation-date deactivation_date
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "opaque", "action" : "register", "options" : { "object" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
File path to the object. |
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Attribute names and their values. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. To find the existing attributes for the managed object, run the You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object opaque register
command.okv managed-object opaque register --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "opaque", "action" : "register", "options" : { "object" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
- Save the generated input to a file (for example,
reg_opaque.json
) and then edit it to register the opaque key.{ "service": { "category": "managed-object", "resource": "opaque", "action": "register", "options": { "object": "./key.pem", "wallet": "hr_wallet", "attributes": { "name": { "value": "Opaque-Key-102", "type": "text" }, "contactInfo" : "psmith@example.com" "activationDate" : "2020-12-31 09:00:00", "deactivationDate" : "2024-12-31 09:00:00", "processStartDate" : "2020-12-31 09:00:00", "protectStopDate" : "2024-12-31 09:00:00" } } } }
- Run the
okv managed-object opaque register
command using the generated JSON file.okv managed-object opaque register --from-json reg_opaque.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "uuid" : "B44A99FD-F892-4F3E-BF7D-487B68159CC3" } }
Example Using Output Format Text
okv managed-object opaque register --output_format text --object object_name --wallet wallet_name
Output
Output similar to the following appears:
"B44A99FD-F892-4F3E-BF7D-487B68159CC3"
5.25 okv managed-object private-key get Command
The okv managed-object private-key get
command retrieves a
private key.
Required Authorization
The endpoint must have read permission on the private key.
Syntax
okv managed-object private-key get --output_format OUTPUT_FORMAT --uuid UUID
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "private-key", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the private key. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. Note: Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.The default value is:
|
JSON Example
- Generate JSON input for the
okv managed-object private-key get
command.okv managed-object private-key get --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "private-key", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_private_key.json
) and then edit it to specify the UUID of the private key.{ "service" : { "category" : "managed-object", "resource" : "private-key", "action" : "get", "options" : { "uuid" : "2F9E2A31-D15A-4F5B-BFA0-761892021DBE" } } }
- Run the
okv managed-object private-key get
command using the generated JSON file.okv managed-object private-key get --from-json get_private_key.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "object" : "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAg << output truncated >> /onTXJKf8A1kZwPW/Qa6IpPOGCfOJDtyM9F5X9REaJQr+1\nXw1sBm1Tjh4z/m6rsKK6A4YP\n-----END PRIVATE KEY-----" } }
Example Using Output Format Text
okv managed-object private-key get --output_format text --uuid 2F9E2A31-D15A-4F5B-BFA0-761892021DBE
Output
Output similar to the following appears:
"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAg << output truncated >> /onTXJKf8A1kZwPW/Qa6IpPOGCfOJDtyM9F5X9REaJQr+1\nXw1sBm1Tjh4z/m6rsKK6A4YP\n-----END PRIVATE KEY-----"
Parent topic: Security Object Commands
5.26 okv managed-object private-key register Command
The okv managed-object private-key register
command registers a private key.
Required Authorization
None
Syntax
okv managed-object private-key register --object private_key_file_path --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --wallet wallet_name --name name_value --custom-attrbute custom_attribute_value --activation-date activation_date --deactivation-date deactivation_date
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "private-key", "action" : "register", "options" : { "object" : "#VALUE", "algorithm" : "#RSA", "length" : "#1024,2048,4096(RSA)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ]", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
File path to the private key object. |
|
Optional |
Cryptographic algorithm. The default value is: |
|
Required |
Key length for the algorithm. Choose from the following values:
|
|
Optional |
Cryptographic usage mask, enclosed in double quotation marks. Choose from the following values:
|
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Attribute names and their values. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. To find the existing attributes for the managed object, run the You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.Example without using JSON
okv managed-object private-key register --algorithm RSA --length 2048
--mask"ENCRYPT" --object /Users/dopark/test/id_rsa
--name private_0701--activation-date now --deactivation-date "2030-10-10 10:10:10"
JSON Example
- Generate JSON input for the
okv managed-object private-key register
command.okv managed-object private-key register --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "private-key", "action" : "register", "options" : { "object" : "#VALUE", "algorithm" : "#RSA", "length" : "#1024,2048,4096(RSA)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ]", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
- Save the generated input to a file (for example,
reg_private_key.json
) and then edit it to specify the appropriate private key settings.{ "service" : { "category" : "managed-object", "resource" : "private-key", "action" : "register", "options" : { "object" : "./priv_key.pem", "algorithm" : "RSA", "length" : "2048", "mask" : [ "ENCRYPT", "DECRYPT" ], "wallet" : "hr_wallet", "attributes" : { "name" : { "value" : "CERT-APPID-103", "type" : "text" }, "contactInfo" : "psmith@example.com" "activationDate" : "2020-12-31 09:00:00", "deactivationDate" : "2024-12-31 09:00:00", "processStartDate" : "2020-12-31 09:00:00", "protectStopDate" : "2024-12-31 09:00:00" } } } }
- Run the
okv managed-object private-key register
command using the generated JSON file.okv managed-object private-key register --from-json reg_private_key.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "uuid" : "2F9E2A31-D15A-4F5B-BFA0-761892021DBE" } }
Example Using Output Format Text
okv managed-object private-key register --output_format text --object private_key_file_path --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --wallet wallet_name
Output
Output similar to the following appears:
"2F9E2A31-D15A-4F5B-BFA0-761892021DBE"
Parent topic: Security Object Commands
5.27 okv managed-object public-key get Command
The okv managed-object public-key get
command retrieves a
public key.
Required Authorization
The endpoint must have read permission on the public key.
Syntax
okv managed-object public-key get --output_format OUTPUT_FORMAT --uuid UUID
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "public-key", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the public key. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object public-key get
command.okv managed-object public-key get --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "public-key", "action" : "get", "options" : { "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_public_key.json
) and then edit it to specify the UUID of the public key.{ "service" : { "category" : "managed-object", "resource" : "public-key", "action" : "get", "options" : { "uuid" : "11652909-D019-4F3B-BFB9-791723095005" } } }
- Run the
okv managed-object public-key get
command using the generated JSON file.okv managed-object public-key get --from-json get_public_key.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "object" : "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK4YrT6A/4tVnadRg0ZT\nprsdUwXrIdoqf1+ye/yVkN6RmtR7mthn6WIIrbTVX5MuAkLc6yyuMEc+nLDPZzrU\nFXkCAQeVR7sT/hQo74dQHebIfJxgx+uZrlzOgT4Il1qfmjR6y81RjTvAU8ZPdzPb\nuXKHZErZVQdoXUw5uFrTNzOegLbYJFI2dZnf3erB7Ho64DckFRoFP05cc3A0iLrL\ntzE8CcjAlBlXTGJD4kAtTEet/0TkvuHzBHr23zkfj0kWV3PHGYYC3O+/UzXg/nal\n3iTK5yRDkln45AyI/PkfzAFiZ/kX9C66H0WRMxgfaOn/uRNbikFOFK6IPOGcT+0S\n/QIDAQAB\n-----END PUBLIC KEY-----" } }
Example Using Output Format Text
okv managed-object public-key get --output_format text --uuid 11652909-D019-4F3B-BFB9-791723095005
Output
Output similar to the following appears:
"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK4YrT6A/4tVnadRg0ZT\nprsdUwXrIdoqf1+ye/yVkN6RmtR7mthn6WIIrbTVX5MuAkLc6yyuMEc+nLDPZzrU\nFXkCAQeVR7sT/hQo74dQHebIfJxgx+uZrlzOgT4Il1qfmjR6y81RjTvAU8ZPdzPb\nuXKHZErZVQdoXUw5uFrTNzOegLbYJFI2dZnf3erB7Ho64DckFRoFP05cc3A0iLrL\ntzE8CcjAlBlXTGJD4kAtTEet/0TkvuHzBHr23zkfj0kWV3PHGYYC3O+/UzXg/nal\n3iTK5yRDkln45AyI/PkfzAFiZ/kX9C66H0WRMxgfaOn/uRNbikFOFK6IPOGcT+0S\n/QIDAQAB\n-----END PUBLIC KEY-----"
Parent topic: Security Object Commands
5.28 okv managed-object public-key register Command
The okv managed-object public-key register
command registers a public key.
Required Authorization
None
Example without using JSON
okv managed-object public-key register --object
/Users/dopark/test/id_rsa.pub --algorithm RSA ---length 2048 -mask "ENCRYPT"
--private-key-uuid 95092BD2-B546-4F9A-BF0B-D8ECDC548546 --name public_0701
--activation-date now --deactivation-date "2030-10-10 10:10:10
Syntax
okv managed-object public-key register --object public_key_file_path --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --private-key-uuid private_key_uuid --wallet wallet_name --name name_value --custom-attrbute custom_attribute_value --activation-date activation_date --deactivation-date deactivation_date
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "public-key", "action" : "register", "options" : { "object" : "#VALUE", "algorithm" : "#RSA", "length" : "#1024,2048,4096(RSA)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT","#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP","#TRANSLATE_UNWRAP" ], "privateKeyUUID" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
File path to the public key object. |
|
Optional |
Cryptographic algorithm. The default value is:
|
|
Required |
Key length for the algorithm. Choose from the following values:
|
|
Required |
Cryptographic usage mask, enclosed in double quotation marks. Choose from the following values:
|
|
Optional |
Universally unique ID (UUID) of the private key associated with the public key being registered. To find the unique identifier for the key, run the |
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Attribute names and their values. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. To find the existing attributes for the managed object, run the You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It has the following
format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object public-key register
command.okv managed-object public-key register --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "public-key", "action" : "register", "options" : { "object" : "#VALUE", "algorithm" : "#RSA", "length" : "#1024,2048,4096(RSA)", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT","#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP","#TRANSLATE_UNWRAP" ], "privateKeyUUID" : "#VALUE", "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
- Save the generated input to a file (for example,
reg_public_key.json
) and then edit it to specify the appropriate public key settings.{ "service" : { "category" : "managed-object", "resource" : "public-key", "action" : "register", "options" : { "object" : "./key.pub", "algorithm" : "RSA", "length" : "2048", "mask" : [ "ENCRYPT", "DECRYPT" ], "privateKeyUUID" : "2F9E2A31-D15A-4F5B-BFA0-761892021DBE ", "wallet" : "hr_wallet", "attributes" : { "name" : { "value" : " FINDB-PROD-PUBKEY ", "type" : "text" }, "contactInfo" : "psmith@example.com" "activationDate" : "2020-12-31 09:00:00", "deactivationDate" : "2024-12-31 09:00:00", "processStartDate" : "2020-12-31 09:00:00", "protectStopDate" : "2024-12-31 09:00:00" } } } }
- Run the
okv managed-object public-key register
command using the generated JSON file.okv managed-object public-key register --from-json reg_public_key.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "uuid" : "11652909-D019-4F3B-BFB9-791723095005 " } }
Example Using Output Format Text
okv managed-object public-key register --output_format text --object public_key_file_path --algorithm cryptographic_algorithm --length key_length --mask cryptographic_usage_mask --private-key-uuid private_key_uuid --wallet wallet_nameokv managed-object public-key get --output_format text --uuid UUID
Output
Output similar to the following appears:
"11652909-D019-4F3B-BFB9-791723095005 "
Parent topic: Security Object Commands
5.29 okv managed-object secret get Command
The okv managed-object secret get
command retrieves the
secret data from a security object of type secret.
Required Authorization
The endpoint must have read permission on the secret object.
Syntax
okv managed-object secret get --output_format OUTPUT_FORMAT --uuid UUID
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "secret", "action": "get", "options": { "uuid": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object secret get
command.okv managed-object secret get --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "secret", "action": "get", "options": { "uuid": "#VALUE" } } }
- Save the generated input to a file (for example,
secret_get.json
) and then edit it to locate the secret object.{ "service": { "category": "managed-object", "resource": "secret", "action": "get", "options": { "uuid": "D69D2F32-2DBB-4FF3-BF52-95487526E6EC" } } }
- Run the
okv managed-object secret get
command using the generated JSON file.okv managed-object secret get --from-json secret_get.json
Output similar to the following appears:
{ "result": "Success", "value": { "object": "ki3j&8slo73y2ls" } }
Example Using Output Format Text
okv managed-object secret get --output_format text --uuid D69D2F32-2DBB-4FF3-BF52-95487526E6EC
Output
Output similar to the following appears:
"ki3j&8slo73y2ls"
Parent topic: Security Object Commands
5.30 okv managed-object secret register Command
The okv managed-object secret register
command registers
secret data such as passwords or random seeds.
Required Authorization
None
Syntax
okv managed-object secret register --object object_name type PASSWORD|SEED wallet wallet_name --mask cryptogrpahic_usage_mask --name name_value --custom-attrbute custom_attribute_value --activation-date activation_date --deactivation-date deactivation_date
JSON Input File Template
{ "service" : { "category" : "managed-object", "resource" : "secret", "action" : "register", "options" : { "object" : "#VALUE", "type" : "#PASSWORD|SEED", "mask" : [ "#SIGN", "#VERIFY","#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
Parameters
Parameter/Template | Required? | Description |
---|---|---|
|
Required |
Path of the object file containing secret data. |
|
Optional |
Enter one of the following values:
|
|
Optional |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Cryptographic usage mask, enclosed in double quotation marks. The default value is :
Choose from the following values:
|
|
Required |
Attribute names and their values. Enclose this value in double quotation marks if the value contains spaces, slashes, or colons. To find the existing attributes for the managed object, run the You cannot specify attributes at the command line. If you want to use attributes, then you must use the JSON syntax. Attributes that you can enter are as follows:
You can use different ways to set the date and time. Examples are as follows:
To display the time in UTC format, use the Linux
See Key Management Interoperability Protocol Specification Version 1.1 for details about these attributes. |
|
Specifies the name of a security object. The allowed values are :
The default value is:
|
|
|
Specifies custom defined attribute on security object.
|
|
|
Specifies when to deactivate a security object. It has the same
format as |
|
|
Specifies when to activate a security object. It will have the following format.
|
|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.Example without using JSON
okv managed-object secret register --type PASSWORD --mask "DERIVE_KEY"
--name secret_0701 --object /Users/dopark/test/my.secret --activation-date now
--deactivation-date "2030-10-10 10:10:10
JSON Example
- Generate JSON input for the
okv managed-object secret register
command.okv managed-object secret register --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "managed-object", "resource" : "secret", "action" : "register", "options" : { "object" : "#VALUE", "type" : "#PASSWORD|SEED", "mask" : [ "#SIGN", "#VERIFY", "#ENCRYPT", "#DECRYPT", "#WRAP_KEY", "#UNWRAP_KEY", "#EXPORT", "#DERIVE_KEY", "#GENERATE_CRYPTOGRAM", "#VALIDATE_CRYPTOGRAM", "#TRANSLATE_ENCRYPT", "#TRANSLATE_DECRYPT", "#TRANSLATE_WRAP", "#TRANSLATE_UNWRAP" ], "wallet" : "#VALUE", "attributes" : { "name" : { "value" : "#VALUE", "type" : "#text|uri" }, "contactInfo" : "#VALUE", "activationDate" : "#VALUE", "deactivationDate" : "#VALUE", "processStartDate" : "#VALUE", "protectStopDate" : "#VALUE" } } } }
- Save the generated input to a file (for example,
reg_secret.json
) and then edit it to register the secret object.{ "service" : { "category" : "managed-object", "resource" : "secret", "action" : "register", "options" : { "object" : "./hr_db_connect_password.txt", "type" : "PASSWORD", "mask" : [ "DERIVE_KEY" ], "wallet" : "hr_wallet", "attributes" : { "name" : { "value" : "HR-DB-CONNECT-PASSWORD", "type" : "text" }, "contactInfo" : "psmith@example.com" "activationDate" : "2020-12-31 09:00:00", "deactivationDate" : "2024-12-31 09:00:00", "processStartDate" : "2020-12-31 09:00:00", "protectStopDate" : "2024-12-31 09:00:00" } } } }
- Run the
okv managed-object secret register
command using the generated JSON file.okv managed-object secret register --from-json reg_secret.json
Output similar to the following appears:
{ "result": "Success", "value": { "uuid": "0F54D31A-ABA0-4F15-BF67-1B7513DD8634" } }
Example Using Output Format Text
okv managed-object secret register --output_format text --object object_name type PASSWORD|SEED wallet wallet_name --mask cryptogrpahic_usage_mask
Output
Output similar to the following appears:
"0F54D31A-ABA0-4F15-BF67-1B7513DD8634"
Parent topic: Security Object Commands
5.31 okv managed-object wallet add-member Command
The okv managed-object wallet add-member
command adds a
security object to a wallet as its member.
This command authenticates with the endpoint's client certificate.
Required Authorization
The endpoint must have read-modify permission on the object and manage-wallet access (MW
) on the wallet.
Syntax
okv managed-object wallet add-member --uuid UUID --wallet wallet_name
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "wallet", "action": "add-member", "options": { "uuid": "#VALUE", "wallet": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the managed object that is being added to the wallet. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object wallet add-member
command.okv managed-object wallet add-member --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "wallet", "action": "add-member", "options": { "uuid": "#VALUE", "wallet": "#VALUE" } } }
- Save the generated input to a file (for example,
add_wallet_member.json
) and then edit it to add the security object to the wallet.{ "service": { "category": "managed-object", "resource": "wallet", "action": "add-member", "options": { "uuid": "D69D2F32-2DBB-4FF3-BF52-95487526E6EC", "wallet": "hr_wallet" } } }
- Run the
okv managed-object wallet add-member
command using the generated JSON file.okv managed-object wallet add-member --from-json add_wallet_member.json
Output similar to the following appears:
{ "result": "Success" }
Example Using Output Format Text
okv managed-object wallet add-member --output_format text --uuid UUID --wallet wallet_name
Output
- exit code 0 - Indicates Success
- exit code 1- Indicates Failure
Parent topic: Security Object Commands
5.32 okv managed-object wallet delete-member Command
The okv managed-object wallet delete-member
command deletes
the membership of the managed-object from a wallet.
This command authenticates with the endpoint's client certificate.
Required Authorization
The endpoint must have read-modify permission on the object and manage-wallet access (MW
) on the wallet.
Syntax
okv managed-object wallet delete-member --uuid UUID --wallet wallet_name
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "wallet", "action": "delete-member", "options": { "uuid": "#VALUE", "wallet": "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Universally unique ID (UUID) of the managed object in the wallet. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object wallet delete-member
command.okv managed-object wallet delete-member --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "wallet", "action": "delete-member", "options": { "uuid": "#VALUE", "wallet": "#VALUE" } } }
- Save the generated input to a file (for example,
delete_wallet_member.json
) and then edit it to delete the security object from the wallet.{ "service": { "category": "managed-object", "resource": "wallet", "action": "delete-member", "options": { "uuid": "D69D2F32-2DBB-4FF3-BF52-95487526E6EC", "wallet": "hr_wallet" } } }
- Run the
okv managed-object wallet delete-member
command using the generated JSON file.okv managed-object wallet delete-member --from-json delete_wallet_member.json
Output similar to the following appears:
{ "result": "Success" }
Example Using Output Format Text
okv managed-object wallet delete-member --output_format text --uuid UUID --wallet wallet_name
Output
- exit code 0 - Indicates Success
- exit code 1- Indicates Failure
Parent topic: Security Object Commands
5.33 okv managed-object wallet list Command
The okv managed-object wallet list
command lists wallets
that have their access granted to the endpoint used to connect to Oracle Key Vault.
This command authenticates with the endpoint's client certificate.
Required Authorization
None, but this command returns only those wallets to which the current endpoint is granted access.
Syntax
JSON Input File Template
{ "service": { "category": "managed-object", "resource": "wallet", "action": "list" } } }
okv managed-object wallet list
Parameters
NoneTemplate Parameter | Required? | Description |
---|---|---|
--output_format |
Optional |
Specifies output format of the command. The command completes with an exit code 0, when command is executed successfully, and exit code 1, when the command fails and generates a relevant error message. The default value is:
|
Note:
Use the CLI command syntax to specify the output_format option. By default, the output format is JSON. However, the output_format option with a value as 'text' displays the output in text format. Use of text output format removes the need to parse JSON output. The option is useful when the output of a command serves as input for another command.JSON Example
- Generate JSON input for the
okv managed-object wallet list
command.okv managed-object wallet list --generate-json-input
The generated input appears as follows:
{ "service": { "category": "managed-object", "resource": "wallet", "action": "list" } } }
- Save the generated input to a file (for example,
wallet_list.json
). - Run the
okv managed-object wallet list
command using the generated JSON file.okv managed-object wallet list --from-json wallet_list.json
Output similar to the following appears:
{ "result": "Success", "value": { "wallets": [ "HR_WALLET", "SALES_WALLET" ] } } )
Example Using Output Format Text
okv managed-object --output_format text wallet list
Output
Output similar to the following appears:
"HR_WALLET","SALES_WALLET
Parent topic: Security Object Commands