4 Access Management Commands
You can use the access management commands to manage wallets and endpoint groups.
- okv manage-access endpoint-group add-endpoint Command
Theokv manage-access endpoint-group add-endpoint
command adds an existing endpoint to an endpoint group. - okv manage-access endpoint-group check-status Command
Theokv manage-access endpoint-group check-status
command checks the naming conflict resolution status of an endpoint group in a multi-master cluster. - okv manage-access endpoint-group create Command
Theokv manage-access endpoint-group create
command creates a new endpoint group. - okv manage-access endpoint-group delete Command
Theokv manage-access endpoint-group delete
command deletes an endpoint group. - okv manage-access endpoint-group get Command
Theokv manage-access endpoint-group get
command retrieves detailed information about an endpoint group, such as its member endpoints and wallet access. - okv manage-access endpoint-group list Command
Theokv manage-access endpoint-group list
command retrieves a list of endpoint groups and their associated information. - okv manage-access endpoint-group remove-endpoint Command
Theokv manage-access endpoint-group remove-endpoint
command removes an endpoint from an endpoint group. - okv manage-access endpoint-group update Command
Theokv manage-access endpoint-group update
command changes the name and description of an endpoint group, and can be used to ensure that the endpoint group name is unique. - okv manage-access wallet add-access Command
Theokv manage-access wallet add-access
command grants an endpoint or an endpoint group a level of access to a wallet. - okv manage-access wallet add-object Command
Theokv manage-access wallet add-object
command adds a security object to a wallet. - okv manage-access wallet check-status Command
Theokv manage-access wallet check-status
command checks the naming conflict resolution status of a wallet in a multi-master cluster. - okv manage-access wallet create Command
Theokv manage-access wallet create
command creates a wallet. - okv manage-access wallet delete Command
Theokv manage-access wallet delete
command deletes a wallet. - okv manage-access wallet get Command
Theokv manage-access wallet get
command retrieves information about a specified wallet, such as the default wallet name and the wallet access. - okv manage-access wallet get-default Command
Theokv manage-access wallet get-default
command gets the default wallet that has been associated with an endpoint. - okv manage-access wallet list Command
Theokv manage-access wallet list
command lists wallets on which some level of access is granted to the user. - okv manage-access wallet list-objects Command
Theokv manage-access wallet list-objects
command retrieves the security objects that are members of the specified wallet. - okv manage-access wallet list-endpoint-wallets Command
Theokv manage-access wallet list-endpoint-wallets
command lists the wallets that are associated with an endpoint. - okv manage-access wallet remove-access Command
Theokv manage-access wallet remove-access
command removes the access that an endpoint or an endpoint group has to a wallet. - okv manage-access wallet remove-object Command
Theokv manage-access wallet remove-object
command removes a security object from a wallet. - okv manage-access wallet set-default Command
Theokv manage-access wallet set-default
command sets the default wallet for an endpoint. - okv manage-access wallet update Command
Theokv manage-access wallet update
command updates a wallet. - okv manage-access wallet update-access Command
Theokv manage-access wallet update-access
command updates the level of access that an endpoint or an endpoint group has to a wallet.
4.1 okv manage-access endpoint-group add-endpoint Command
The okv manage-access endpoint-group add-endpoint
command adds an existing endpoint to an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group add-endpoint --endpoint-group endpoint_group_name --endpoint endpoint_member
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group. To find existing endpoint groups, run the |
|
Required |
Name of the endpoint. To find existing endpoints, run the |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group add-endpoint
command.okv manage-access endpoint-group add-endpoint --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
add_ep_to_group.json
) and then edit it to add the endpoint to an endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "add-endpoint", "options" : { "endpointGroup" : "epg_hr", "endpoint" : "hr_db_ep" } } }
- Run the
okv manage-access endpoint-group add-endpoint
command using the generated JSON file.okv manage-access endpoint-group add-endpoint --from-json add_ep_to_group.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.2 okv manage-access endpoint-group check-status Command
The okv manage-access endpoint-group check-status
command checks the naming conflict resolution status of an endpoint group in a multi-master cluster.
This command is meant primarily for multi-master cluster environments. However, it is valid for other deployments and can be used to check the existence of an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group check-status --endpoint-group endpoint_group_name|--locator-id UUID
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "endpointGroup" : "#VALUE", "locatorID" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
The name of the endpoint group or the locator ID (universally unique ID (UUID)) of the endpoint group that you want to check. The You must specify either the To find existing endpoint groups, run the To find the locator ID, check the output from the |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group check-status
command.okv manage-access endpoint-group check-status --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "endpointGroup" : "#VALUE", "locatorID" : "#VALUE" } } }
- Save the generated input to a file (for example,
check-status_epg.json
) and then edit it so that you can check the endpoint group's status. Specify either theendpointGroup
value or thelocatorID
value, but not both.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "check-status", "options" : { "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } } }
- Run the
okv manage-access endpoint-group check-status
command using the generated JSON file.okv manage-access endpoint-group check-status --from-json check-status_epg.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "ACTIVE", "endpointGroup" : "EPG_HR" } }
Output includes the name of the endpoint group if the endpoint group object is in
ACTIVE
state. The endpoint group name shown here may be different from what was specified at the endpoint group creation time. If the endpoint groups with the same name are created on multiple cluster nodes, then Oracle Key Vault performs naming conflict resolution and it renames all but one endpoint groups by appending_OKVnode-id
to the endpoint group name. For example, if you named the endpoint groupEPG_HR
, and there is a naming conflict, then the name could beEPG_HR_OKV01
.On deployments other than multi-master cluster, this command returns
Success
if the endpoint group exists and output does not include entries showing the endpoint group name and its state.
Parent topic: Access Management Commands
4.3 okv manage-access endpoint-group create Command
The okv manage-access endpoint-group create
command creates a new endpoint group.
Required Authorization
Key Administrator role or Create Endpoint Group system privilege
Syntax
okv manage-access endpoint-group create --endpoint-group endpoint_group_name --description "endpoint group description" --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group. See Naming Guidelines for Objects. To find existing endpoint groups, run the |
|
Optional |
A user-friendly description of the endpoint group enclosed within double quotation marks |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group create
command.okv manage-access endpoint-group create --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
create_epg.json
) and then edit it so that you can create the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "create", "options" : { "endpointGroup" : "epg_hr", "description" : "HR endpoint group", "unique" : "FALSE" } } }
- Run the
okv manage-access endpoint-group create
command using the generated JSON file.okv manage-access endpoint-group create --from-json create_epg.json
Output for a multi-master cluster environment appears similar to the following:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } }
You can use the
locatorID
from this output with theokv manage-access endpoint-group check-status
command to display the current state of the endpoint group object. If the object status isACTIVE
, then this command also displays the object name after the conflict-name resolution.
Parent topic: Access Management Commands
4.4 okv manage-access endpoint-group delete Command
The okv manage-access endpoint-group delete
command deletes an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group delete --endpoint-group endpoint_group_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group. To find existing endpoint groups, run the |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group delete
command.okv manage-access endpoint-group delete --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "#VALUE" } } }
- Save the generated input to a file (for example,
delete_epg.json
) and then edit it so that you can delete the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "delete", "options" : { "endpointGroup" : "epg_hr" } } }
- Run the
okv manage-access endpoint-group delete
command using the generated JSON file.okv manage-access endpoint-group delete --from-json delete_epg.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.5 okv manage-access endpoint-group get Command
The okv manage-access endpoint-group get
command retrieves detailed information about an endpoint group, such as its member endpoints and wallet access.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group get --endpoint-group endpoint_group_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "get", "options" : { "endpointGroup" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group. To find existing endpoint groups, run the |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group get
command.okv manage-access endpoint-group get --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "get", "options" : { "endpointGroup" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_ep_group.json
) and then edit it to specify the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "get", "options" : { "endpointGroup" : "hr_ep_grp" } } }
- Run the
okv manage-access endpoint-group get
command using the generated JSON file.okv manage-access endpoint-group get --from-json get_ep_group.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-14 13:09:14", "description" : "", "endpointGroup" : "HR_EP_GRP", "endpointGroupMembers" : [ { "description" : "", "endpoint" : "HR_DB_EP_1" }, { "description" : "", "endpoint" : "HR_DB_EP_2" } ], "walletAccess" : [ { "access" : "RO_MW", "wallet" : "HR_WALLET" } ] } }
Parent topic: Access Management Commands
4.6 okv manage-access endpoint-group list Command
The okv manage-access endpoint-group list
command retrieves a list of endpoint groups and their associated information.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group list --limit number_of_endpoints
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "list", "options" : { "limit" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
Number of endpoint groups to list. Enter any whole number from |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group list
command.okv manage-access endpoint-group list --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "list", "options" : { "limit" : "#VALUE" } } }
- Save the generated input to a file (for example,
list_ep_groups.json
) and then edit it to specify the number of records for the output.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "list", "options" : { "limit" : "3" } } }
- Run the
okv manage-access endpoint-group list
command using the generated JSON file.okv manage-access endpoint-group list --from-json list_ep_groups.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "endpointGroups" : [ { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-14 13:09:14", "description" : "", "endpointGroup" : "EPG_HR" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-16 19:29:03", "description" : "", "endpointGroup" : "SALES_DB_EPG" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-16 19:29:17", "description" : "", "endpointGroup" : "ORDERS_DB_EPG" } ] } }
Parent topic: Access Management Commands
4.7 okv manage-access endpoint-group remove-endpoint Command
The okv manage-access endpoint-group remove-endpoint
command removes an endpoint from an endpoint group.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group remove-endpoint --endpoint-group endpoint_group_name --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint group that you want to remove. To find existing endpoints, run the |
|
Required |
Name of the endpoint that is associated with the endpoint group. To find existing endpoints, run the |
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group remove-endpoint
command.okv manage-access endpoint-group remove-endpoint --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
remove_ep_from_epg.json
) and then edit it to remove the endpoint from the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "remove-endpoint", "options" : { "endpointGroup" : "epg_hr", "endpoint" : "hr_db_ep" } } }
- Run the
okv manage-access endpoint-group remove-endpoint
command using the generated JSON file.okv manage-access endpoint-group remove-endpoint --from-json remove_ep_from_epg.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.8 okv manage-access endpoint-group update Command
The okv manage-access endpoint-group update
command changes the name and description of an endpoint group, and can be used to ensure that the endpoint group name is unique.
Required Authorization
Key Administrator role or the Manage Endpoint Group object privilege for the endpoint group
Syntax
okv manage-access endpoint-group update --endpoint-group endpoint_group_name --description "description" --name new_endpoint_group_name --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Current name of the endpoint group. To find existing endpoint groups, run the |
|
Optional |
A user-friendly description of the endpoint group enclosed within double quotation marks |
|
Optional |
New endpoint group name. See Naming Guidelines for Objects. |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access endpoint-group update
command.okv manage-access endpoint-group update --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
epg_update.json
) and then edit it so that you can update the endpoint group.{ "service" : { "category" : "manage-access", "resource" : "endpoint-group", "action" : "update", "options" : { "endpointGroup" : "epg_hr", "name" : "epg_hr_global", "description" : "Global HR Endpoint Group", "unique" : "FALSE" } } }
- Run the
okv manage-access endpoint-group update
command using the generated JSON file.okv manage-access endpoint-group update --from-json epg_update.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "67E0906F-95EE-4A95-A496-D7DAEA5EDC5F" } }
This example shows the output for renaming an endpoint group in a multi-master cluster. On renaming, an endpoint group is placed into the
PENDING
state for the duration of the naming conflict resolution.You can use the
locatorID
from this output with theokv manage-access endpoint-group check-status
command to display the current state of the endpoint group object. If the object status isACTIVE
, then this command also displays the object name after the conflict-name resolution.Unless you renamed the endpoint group in a multi-master cluster, the status and
locatorID
entries are not included in the output.
Parent topic: Access Management Commands
4.9 okv manage-access wallet add-access Command
The okv manage-access wallet add-access
command grants an endpoint or an endpoint group a level of access to a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet add-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name --access RO|RM|RO_MW|RM_MW
JSON Input File Template
{ "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "#VALUE", "endpointGroup": "#VALUE", "endpoint": "#VALUE", "access": "#RO|RM|RO_MW|RM_MW" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
or
|
Required |
Name of the endpoint or endpoint group. You can only specify either an endpoint or an endpoint group, but not both. To find registered endpoints, run the |
|
Required |
Enter one of the following values:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet add-access
command.okv manage-access wallet add-access --generate-json-input
The generated input appears as follows. This output includes wallet access settings for both endpoints and endpoint groups. When you edit it, you must include either the endpoint settings or the endpoint group settings, but not both.
{ "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "#VALUE", "endpointGroup": "#VALUE", "endpoint": "#VALUE", "access": "#RO|RM|RO_MW|RM_MW" } } }
- Save the generated input to a file (for example,
add_access_wallet.json
) and then edit it so that you can add wallet access to the endpoint or endpoint group. The following example is for the wallet access to an endpoint only.{ "service": { "category": "manage-access", "resource": "wallet", "action": "add-access", "options": { "wallet": "hr_wallet", "endpoint": "hr_db_ep", "access": "RO" } } }
- Run the
okv manage-access wallet add-access
command using the generated JSON file.okv manage-access wallet add-access --from-json add_access_wallet.json
Output similar to the following appears:
{ "result": "Success" }
Parent topic: Access Management Commands
4.10 okv manage-access wallet add-object Command
The okv manage-access wallet add-object
command adds a security object to a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or have read-modify permission on the object and manage wallet (MW
) permission on the wallet.
Syntax
okv manage-access wallet add-object --wallet wallet_name --uuid uuid
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "add-object", "options" : { "wallet" : "#VALUE", "uuid" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
JSON Example
- Generate JSON input for the
okv manage-access wallet add-object
command.okv manage-access wallet add-object --generate-json-input
The generated input appears as follows.
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "add-object", "options" : { "wallet" : "#VALUE", "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
add_obj_wallet.json
) and then edit it to specify the object to add to the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "add-object", "options" : { "wallet" : "hr_wallet", "uuid" : "7432AED6-6628-4F43-BF7C-9D30023A4301" } } }
- Run the
okv manage-access wallet add-object
command using the generated JSON file.okv manage-access wallet add-object --from-json add_object_wallet.json
Output similar to the following appears:
{ "result": "Success" }
Parent topic: Access Management Commands
4.11 okv manage-access wallet check-status Command
The okv manage-access wallet check-status
command checks the naming conflict resolution status of a wallet in a multi-master cluster.
This command is meant primarily for multi-master cluster environments. However, it is valid for other deployments and can be used to check the existence of a wallet.
This command uses a user name and password for the authentication.
Required Authorization
None, but the user only gets the status for the wallets to which he or she has access.
Syntax
okv manage-access wallet check-status --wallet wallet_name|--locator-id UUID
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "wallet" : "#VALUE", "locatorID" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
The name of the wallet or the locator ID (universally unique ID (UUID)) of the wallet that you want to check. The You must specify either the To find the names of existing wallets to which you have access, run the To find the locator ID, check the output of the |
JSON Example
- Generate JSON input for the
okv manage-access wallet check-status
command.okv manage-access wallet check-status --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "wallet" : "#VALUE", "locatorID" : "#VALUE" } } }
- Save the generated input to a file (for example,
check_wallet.json
) and then edit it so that you can check the status of the wallet. Specify either thewallet
value or thelocatorID
value, but not both.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "check-status", "options" : { "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } } }
- Run the
okv manage-access wallet check-status
command using the generated JSON file.okv manage-access wallet check-status --from-json check_wallet.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "ACTIVE", "wallet" : "hr_wallet" } }
Output includes the name of the wallet if the wallet object is in
ACTIVE
state. The wallet name shown here may be different from what was specified at the wallet creation time. If the wallets with the same name are created on multiple cluster nodes, Oracle Key Vault performs naming conflict resolution and it renames all but one wallets by appending_OKVnode-id
to the wallet name. For example, if you named the walletHR_WALLET
, and there is a naming conflict, the name could beHR_WALLET_OKV01
.On deployments other than multi-master cluster, this command returns
Success
if the wallet exists and output does not include entries showing the wallet name and its state.
Parent topic: Access Management Commands
4.12 okv manage-access wallet create Command
The okv manage-access wallet create
command creates a wallet.
This command uses a user name and password for the authentication.
Required Authorization
None
Syntax
okv manage-access wallet create --wallet wallet_name --description "wallet_description" --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the Ensure that you follow the naming guidelines for objects. |
|
Optional |
A user-friendly description for the wallet, enclosed within double quotation marks |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet create
command.okv manage-access wallet create --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
create_wallet.json
) and then edit it so that you can create the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "create", "options" : { "wallet" : "hr_wallet", "description" : "wallet for HR endpoint", "unique" : "FALSE" } } }
- Run the
okv manage-access wallet create
command using the generated JSON file.okv manage-access wallet create --from-json create_wallet.json
Output for a multi-master cluster environment appears similar to the following:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } }
You can use the
locatorID
from this output with theokv manage-access wallet check-status
command to display the current state of the wallet object. If the object status isACTIVE
, then this command also displays the object name after the conflict-name resolution.
Parent topic: Access Management Commands
4.13 okv manage-access wallet delete Command
The okv manage-access wallet delete
command deletes a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet delete --wallet wallet_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "delete", "options" : { "wallet" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
JSON Example
- Generate JSON input for the
okv manage-access wallet delete
command.okv manage-access wallet delete --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "delete", "options" : { "wallet" : "#VALUE" } } }
- Save the generated input to a file (for example,
del_wallet.json
) and then edit it to specify the wallet to delete from Oracle Key Vault.{ "service" : { "category" : "manage-access", "resource ": "wallet", "action" : "delete", "options" : { "wallet" : "hr_wallet" } } }
- Run the
okv manage-access wallet delete
command using the generated JSON file.okv manage-access wallet delete --from-json del_wallet.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.14 okv manage-access wallet get Command
The okv manage-access wallet get
command retrieves information about a specified wallet, such as the default wallet name and the wallet access.
This command uses a user name and password for the authentication.
Required Authorization
None
Syntax
okv manage-access wallet get --wallet wallet_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get", "options" : { "wallet" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
JSON Example
- Generate JSON input for the
okv manage-access wallet get
command.okv manage-access wallet get --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get", "options" : { "wallet" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_wallet.json
) and then edit it to specify the name of the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get", "options" : { "wallet" : "hr_wallet" } } }
- Run the
okv manage-access wallet get
command using the generated JSON file.okv manage-access wallet get --from-json get_wallet.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-30 19:40:59", "description" : "", "wallet" : "HR_WALLET", "walletAccess" : { "endpointAccess" : [ { "access" : "RO_MW", "defaultWallet" : "", "subjectName" : "HR_DB_EP1", "type" : "Direct" }, { "access" : "RO", "defaultWallet" : "TRUE", "subjectName" : "HR_DB_EP2", "type" : "Direct" } ], "endpointGroupAccess" : [ { "access" : "RO_MW", "subjectName" : "HR_DB_EPG" } ], "userAccess" : [ { "access" : "RO", "subjectName" : "Paul Hill" } ], "userGroupAccess" : [ { "access" : "RO", "subjectName" : "HR_GROUP_1" } ] } } }
Parent topic: Access Management Commands
4.15 okv manage-access wallet get-default Command
The okv manage-access wallet get-default
command gets the default wallet that has been associated with an endpoint.
This command uses a user name and password for the authentication.
Required Authorization
None, but the default wallet information for the endpoint is returned if the user has some level of access on that wallet.
Syntax
okv manage-access wallet get-default --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Name of the endpoint. To find existing endpoints, run the |
JSON Example
- Generate JSON input for the
okv manage-access wallet get-default
command.okv manage-access wallet get-default --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
get_def_wallet.json
) and then edit it to retrieve the default wallet that is associated with the specified endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "get-default", "options" : { "endpoint" : "hr_db_ep" } } }
- Run the
okv manage-access wallet get-default
command using the generated JSON file.okv manage-access wallet get-default --from-json get_def_wallet.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "defaultWallet" : "HR_WALLET" } }
Parent topic: Access Management Commands
4.16 okv manage-access wallet list Command
The okv manage-access wallet list
command lists wallets on which some level of access is granted to the user.
Required Authorization
None
Syntax
okv manage-access wallet list --limit number_of_wallets
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list", "options" : { "limit" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Optional |
Number of wallets to list. Enter any whole number from |
JSON Example
- Generate JSON input for the
okv manage-access wallet list
command.okv manage-access wallet list --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list", "options" : { "limit" : "#VALUE" } } }
- Save the generated input to a file (for example,
list_wallets.json
) and then edit it to specify the number of records.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list", "options" : { "limit" : "3" } } }
- Run the
okv manage-access wallet list
command using the generated JSON file.okv manage-access wallet list --from-json list_wallets.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "fetchedObjectCount" : "3", "wallets" : [ { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-13 15:22:02", "description" : "", "wallet" : "HR_WALLET" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-07-30 19:40:59", "description" : "", "wallet" : "sales_wallet" }, { "createdBy" : "OKVADMIN", "creationTime" : "2021-09-13 04:55:06", "description" : "", "wallet" : "ORDERS_WALLET" } ] } }
Parent topic: Access Management Commands
4.17 okv manage-access wallet list-objects Command
The okv manage-access wallet list-objects
command retrieves the security objects that are members of the specified wallet.
Required Authorization
The user must have some level of access on the wallet.
Syntax
okv manage-access wallet list-objects --wallet wallet_name --limit number_of_objects --exclude-wallet-membership TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-objects", "options" : { "wallet" : "#VALUE", "limit" : "#VALUE", "excludeWalletMembership" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
Number of objects to list for the specified wallet. Enter any whole number from |
|
Optional |
Controls whether wallet membership information for each object is include in the output.
|
JSON Example
- Generate JSON input for the
okv manage-access wallet list-objects
command.okv manage-access wallet list-objects --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-objects", "options" : { "wallet" : "#VALUE", "limit" : "#VALUE", "excludeWalletMembership" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
list_wallet_obj.json
) and then edit it to specify a number of objects for the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-objects", "options" : { "wallet" : "hr_wallet", "limit" : "2" "excludeWalletMembership" : "FALSE" } } }
- Run the
okv manage-access wallet list-objects
command using the generated JSON file.okv manage-access wallet list-objects --from-json list_wallet_obj.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "fetchedObjectCount" : "2", "managedObjects" : [ { "creatingEndpoint" : "HR_DB_EP", "creationDate" : "2021-07-26 20:19:32", "deactivationDate" : "2029-12-25 15:11:11", "displayName" : "X.509 Certificate: DN EMAILADDRESS=psmith@example.com, CN=vienna, OU=Security, O=Oracle, L=Reston, ST=VA, C=US", "name" : "ps1009", "protectStopDate" : "2029-12-25 15:11:11", "state" : "Pre-Active", "type" : "Certificate", "uuid" : "975F17DF-11C1-4F16-BFBC-28E9C200C99F" }, { "creatingEndpoint" : "EMP_DB_EP", "creationDate" : "2021-06-30 21:01:48", "deactivationDate" : "", "displayName" : "Symmetric Key: Name psc7", "name" : "ps100,ps3,psa5,psb6,psc7", "protectStopDate" : "", "state" : "Active", "type" : "Symmetric Key", "uuid" : "7432AED6-6628-4F43-BF7C-9D30023A4301" } ] } }
Parent topic: Access Management Commands
4.18 okv manage-access wallet list-endpoint-wallets Command
The okv manage-access wallet list-endpoint-wallets
command lists the wallets that are associated with an endpoint.
This command uses a user name and password for the authentication.
Required Authorization
None, but this command returns information about only those wallets on which user has some level of access.
Syntax
okv manage-access wallet list-endpoint-wallets --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
The name of the endpoint. To find existing endpoints, run the |
JSON Example
- Generate JSON input for the
okv manage-access wallet list-endpoint-wallets
command.okv manage-access wallet list-endpoint-wallets --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
list_ep_wallets.json
) and then edit it so that you can find the wallets that are associated with the specified endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "list-endpoint-wallets", "options" : { "endpoint" : "hr_db_ep" } } }
- Run the
okv manage-access wallet list-endpoint-wallets
command using the generated JSON file.okv manage-access wallet list-endpoint-wallets --from-json list_ep_wallets.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "wallets" : [ "WALLET10", "WALLET11" ] } }
Parent topic: Access Management Commands
4.19 okv manage-access wallet remove-access Command
The okv manage-access wallet remove-access
command removes the access that an endpoint or an endpoint group has to a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet remove-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
or
|
Required |
Name of the endpoint or endpoint group. To find existing endpoints, run the |
JSON Example
- Generate JSON input for the
okv manage-access wallet remove-access
command.okv manage-access wallet remove-access --generate-json-input
The generated input appears as follows. This output includes the entire output, for both the endpoint and endpoint group. When you edit it, you must include the entry for either the endpoint or the endpoint group, but not both.
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
remove_wallet_access_ep.json
) and then edit it so to remove wallet access from the endpoint or an endpoint group. The following example shows how to remove access from an endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-access", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep" } } }
- Run the
okv manage-access wallet remove-access
command using the generated JSON file.okv manage-access wallet remove-access --from-json remove_wallet_access_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.20 okv manage-access wallet remove-object Command
The okv manage-access wallet remove-object
command removes a security object from a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or have read-modify permission on the object and manage wallet (MW
) permission on the wallet.
Syntax
okv manage-access wallet remove-object --wallet wallet_name --uuid uuid
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-object", "options" : { "wallet" : "#VALUE", "uuid" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Required |
Universally unique ID (UUID) of the security object. To find the unique identifier for the object, in the Oracle Key Vault management console, click the Keys & Wallets tab, and then click Keys & Secrets in the left navigation window. In the Keys & Secrets table, check the Unique Identifier column. |
JSON Example
- Generate JSON input for the
okv manage-access wallet remove-object
command.okv manage-access wallet remove-object --generate-json-input
The generated input appears as follows.
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-object", "options" : { "wallet" : "#VALUE", "uuid" : "#VALUE" } } }
- Save the generated input to a file (for example,
remove_wallet_obj.json
) and then edit it to specify the object to be removed from the wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "remove-object", "options" : { "wallet" : "hr_wallet", "uuid" : "7432AED6-6628-4F43-BF7C-9D30023A4301" } } }
- Run the
okv manage-access wallet remove-object
command using the generated JSON file.okv manage-access wallet remove-object --from-json remove_wallet_obj.json
Output similar to the following appears:
{ "result": "Success" }
Parent topic: Access Management Commands
4.21 okv manage-access wallet set-default Command
The okv manage-access wallet set-default
command sets the default wallet for an endpoint.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or Manage Endpoint privilege for the endpoint and Full Wallet privileges on the wallet
Syntax
okv manage-access wallet set-default --wallet wallet_name --endpoint endpoint_name
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "#VALUE", "endpoint" : "#VALUE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Required |
Name of the endpoint. To find existing endpoints, run the |
Example
- Generate JSON input for the
okv manage-access wallet set-default
command.okv manage-access wallet set-default --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "#VALUE", "endpoint" : "#VALUE" } } }
- Save the generated input to a file (for example,
set_def_wallet.json
) and then edit it to set the default wallet for the endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "set-default", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep" } } }
- Run the
okv manage-access wallet set-default
command using the generated JSON file.okv manage-access wallet set-default --from-json set_def_wallet.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands
4.22 okv manage-access wallet update Command
The okv manage-access wallet update
command updates a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet update --wallet wallet_name --name new_wallet_name
--description description --unique TRUE|FALSE
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
|
Optional |
A new name for the wallet. See Naming Guidelines for Objects. |
|
Optional |
A user-friendly description for the wallet, enclosed within double quotation marks |
|
Optional |
Applies to a multi-master cluster environment only. This Valid settings are as follows:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet update
command.okv manage-access wallet update --generate-json-input
The generated input appears as follows:
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "#VALUE", "name" : "#VALUE", "description" : "#VALUE", "unique" : "#TRUE|FALSE" } } }
- Save the generated input to a file (for example,
update_wallet.json
) and then edit it to update the name and description of a wallet. This example shows how to update the name of a wallet.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update", "options" : { "wallet" : "hr_wallet", "name" : "global_hr_wallet", "unique" : "false" } } }
- Run the
okv manage-access wallet update
command using the generated JSON file.okv manage-access wallet update --from-json update_wallet.json
Output similar to the following appears:
{ "result" : "Success", "value" : { "status" : "PENDING", "locatorID" : "81800CE6-6AAF-4EF5-A0FD-446ED6625F6A" } }
This example shows the output for renaming a wallet in a multi-master cluster. On renaming, a wallet is placed into the
PENDING
state for the duration of the naming conflict resolution.Unless you renamed the wallet in a multi-master cluster, the status and locatorID entries are not included in the output.
Related Topics
Parent topic: Access Management Commands
4.23 okv manage-access wallet update-access Command
The okv manage-access wallet update-access
command updates the level of access that an endpoint or an endpoint group has to a wallet.
This command uses a user name and password for the authentication.
Required Authorization
Key Administrator role or manage wallet (MW
) permission on the wallet
Syntax
okv manage-access wallet update-access --wallet wallet_name --endpoint endpoint_name|--endpoint-group endpoint_group_name --access RO|RM|RO_MW|RM_MW
JSON Input File Template
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE", "access" : "#RO|RM|RO_MW|RM_MW" } } }
Parameters
Parameter/Template Parameter | Required? | Description |
---|---|---|
|
Required |
Wallet name. To find the names of existing wallets to which you have access, run the |
or
|
Required |
Name of the endpoint or endpoint group. You can only specify either an endpoint or an endpoint group, but not both. To find existing endpoints, run the |
|
Required |
Enter one of the following values:
|
JSON Example
- Generate JSON input for the
okv manage-access wallet update-access
command.okv manage-access wallet update-access --generate-json-input
The generated input appears as follows. This output includes wallet access settings for both endpoints and endpoint groups. When you edit it, you must include either the endpoint settings or the endpoint group settings, but not both.
{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "#VALUE", "endpointGroup" : "#VALUE", "endpoint" : "#VALUE", "access" : "#RO|RM|RO_MW|RM_MW" } } }
- Save the generated input to a file (for example,
update_wallet_access_ep.json
) and then edit it to update the wallet access to an endpoint or an endpoint group. This example shows how to update access of a wallet to an endpoint.{ "service" : { "category" : "manage-access", "resource" : "wallet", "action" : "update-access", "options" : { "wallet" : "hr_wallet", "endpoint" : "hr_db_ep", "access" : "RM" } } }
- Run the
okv manage-access wallet update-access
command using the generated JSON file.okv manage-access wallet update-access --from-json update_wallet_access_ep.json
Output similar to the following appears:
{ "result" : "Success" }
Parent topic: Access Management Commands