1. Index

Index

A  B  C  D  E  F  G  I  J  K  L  M  N  O  P  R  S  T  U  V  W  

A

B

  • backing up data
    • about 20.1
    • best practices 20.9
    • chanding schedule 20.4.2
    • deleting schedule 20.4.3
    • finding information about 20.6.8
    • multi-master cluster environment 20.4.5
    • primary-standby deployment 20.4.4
    • recovery passphrase 20.4.6
    • removing local backups 20.7
    • removing old backups, about 20.6.1
    • removing old backups, adding policy to existing destination 20.6.3
    • removing old backups, changing schedule 20.6.4
    • removing old backups, creating schedule 20.6.2
    • removing old backups, deleting schedule 20.6.7
    • resuming backup destination policy 20.6.6
    • scheduling backup 20.4.1
    • suspending backup destination policy 20.6.5
  • backup destinations
  • Backup Restore Failed C.5.4, C.5.4.1
  • backups
  • backup scheduling 20.4
  • benefits
    • centralizing key lifecyle management 1.2
    • centralizing key storage 1.2
    • fighting security threats 1.2

C

  • candidate nodes 3.4.3.3
  • centralized storage
  • centralized storage and management of security objects 1.5.1
  • centrally managed passwords 16.5.2
  • certifcates
    • rotation, checking overall status 18.4.8
    • rotation, checking status for endpoints 18.4.9
    • setting batch size for endpoint rotations 18.4.6
    • setting rotation sequence for multimaster cluster nodes 18.4.7
    • setting validity of self-signed CA certificates 18.4.3
  • Certificate File Failure C.3.5
  • certificates
    • See: console certificates
  • changepwd command (okvutil) B.3
  • changing a user group description 10.5.7
  • Classic mode network interface
  • cluster nodes
  • cluster node types
  • clusters
    • creating first node 4.2.2
    • deleting a node 4.6
    • disabling a node 4.4
    • disabling node replication 4.8.2
    • enabling a node 4.5
    • enabling node replication 4.8.3
    • force deleting a node 4.7
    • management information 3.7, 4.9
    • monitoring information 4.10
    • read-only, creating 4.2.3.2
    • read-write pair of nodes, creating 4.2.3.1
    • read-write pairs of nodes, creating 4.2.3.3
    • restarting cluster services 4.8.1
    • setting up, about 4.2.1
    • terminating node pairing 4.3
  • cluster size and availability guidance 3.5.1
  • cluster subgroups
  • Commercial National Security Algorithm (CNSA)
    • about 17.6.1
    • backup and restore operations 17.6.3
    • running scripts 17.6.2
    • upgrading primary-standby Oracle Key Vault servers 17.6.5
    • upgrading standalone Oracle Key Vault server 17.6.4
  • configuration files
    • endpoint configuration file 14.6
  • configuration parameters
  • configuring a primary-standby deployment 5.1.1
  • conflicts in names of objects 4.11.1
  • console certificates
    • about managing 19.1
    • backup data restored 19.5
    • downloading CA request 19.2
    • having signed 19.3
    • primary-standby environments 19.5
    • RESTful services 19.5
    • uploading 19.4
  • controller nodes
  • Could Not Store Private Key Errors C.3.3
  • Create Endpoint Group privilege
    • endpoint privileges
      • separation of duty 2.4.1
    • granting or changing 10.2.5
    • separation of duty 2.4.1
  • Create Endpoint privilege
  • creating a user group 10.5.3
  • creating user accounts 10.1.4
  • credential files
  • credentials
    • guidance for SQL*Plus 16.2
    • guidance for SSH 16.3
  • critical data 3.3.4
  • C SDK 1.6.4

D

  • dashboard
  • data
    • backing up, about 20.1
    • backup removal, about 20.6.1
    • backup removal schedule, adding to existing destination 20.6.3
    • backup removal schedule, changing 20.6.4
    • backup removal schedule, creating 20.6.2
    • backup removal schedule, deleting 20.6.7
    • backup removal schedule, finding information about 20.6.8
    • backup removal schedule, resuming 20.6.6
    • backup removal schedule, suspending 20.6.5
    • backups, deleting local 20.7
    • restoring, about 20.1
  • Database as a Service
    • about configuring for Key Vault 7.2.1
    • configuring instance 7.2.2
    • creating low privileged user 7.2.3
    • deleting SSH tunnel 7.3.7
    • disabling SSH tunnel 7.3.5
    • enrolling instance as endpoint
      • about 7.4.1
      • installing Oracle Key Vault software onto 7.4.4
      • post-installation tasks 7.4.5
      • preparing environment 7.4.3
      • registering 7.4.2
    • resuming access to Oracle Key Vault 7.7
    • reverse SSH tunnel in multi-master cluster 7.3.2
    • reverse SSH tunnel in primary-standby configuration 7.3.3
    • SSH tunnel between Oracle Key Vault and DBaas instance 7.3.1
    • SSH tunnel not active 7.3.6
    • suspending access to Oracle Key Vault
    • users
      • low privileged user for DBaaS 7.2.3
    • viewing SSH tunnel details 7.3.4
  • deleting user accounts 10.1.6
  • deleting user groups 10.5.9
  • deployment
    • architecture 2.2
    • overview 1.7
  • deployments
    • credential files, archiving and downloading 16.1.1
    • Java keystores, uploading and downloading 12.4.1
    • JKS and JCEKS keystores, archiving and downloading 12.5.1
    • migrating standalone Key Vault server to multi-master cluster 3.4.4.1
    • online master encryption keys for TDE wallets 1.3.2
    • Oracle wallets, uploading and downloading 12.4.1
    • primary-standby to multi-master cluster 3.4.4.2
    • recommendations for 4.12
  • deployment scenarios
  • diagnostic reports
  • diagnostics
    • accessing with okvutil diagnostics B.4
  • DNS
    • configuring NTP servers for non-multi-master clusters 17.2.3
    • nodes 17.3.2.3
  • DNS settings
  • download command (okvutil) B.5
  • Download Diagnostics C.2.2
  • downloading
  • downtime, minimizing 17.7
  • Dual NIC mode network interface
  • dual NIC network mode
    • changing for nodes 17.3.2.7
    • changing for standalone environment 17.2.7

E

  • effective group membership, LDAP users 9.1
  • email addresses
  • email notification
  • emergency system recovery 2.6
  • endpoint 13.2.5.6.1
  • endpoint administrators
  • endpoint groups
    • access grant to virtual wallet 13.7.4
    • adding endpoint too 13.7.5
    • creating 13.7.2
    • deleting 13.7.7
    • modifying details 13.7.3
    • modifying virtual wallets from Keys & Wallets tab 11.2.3
    • multi-master clusters, effect on 13.7.1
    • naming guidelines 2.5
    • removing access to virtual wallets from Keys & Wallets tab 11.2.2
    • removing endpoint 13.7.6
  • endpoint node scan lists
  • endpoint privileges
  • EndPoint Related Issues C.1.1
  • endpoints 13.7.2
    • See also: endpoint groups
    • about 13.2.5.1
    • about managing 13.1.1
    • adding access to virtual wallet 13.6.1
    • adding to an endpoint group 13.7.5
    • adding using administrator-initiated enrollment 13.2.3
    • adding using self-enrollment 13.2.4
    • adding using self-enrollment, about 13.2.4.1
    • adding using self-enrollment, procedure for 13.2.4.2
    • administrators for 13.1.1
    • alternative for individual 13.2.5.3
    • associating default wallet with 13.5.1
    • configuration file 14.6
    • configuration parameters, about 13.4.1
    • DBaaS
    • default wallet, setting for 13.5.2
    • deleting 13.2.5.1, 13.2.5.2, 13.2.5.3
    • details
    • diagnostics B.4, B.8, B.9
    • downloading software 14.2.1
    • endpoint node scan lists 3.6.3
    • enrolling and provisioning 14.2.1
    • enrollment
    • enrollment in multi-master cluster 13.2.2
    • enrollment process
    • enrollment types 13.2.1
    • guidance on enrolling across deployments 3.5.3
    • installing software for new enrollment 14.2.3
    • Java home, how determined 14.3.1
    • limitiations of TDE endpoint integration 12.2.2
    • modifying virtual wallets from Keys & Wallets tab 11.2.3
    • multi-master clusters, effect on 13.1.2
    • naming guidelines 2.5
    • nodes available for connection 3.6.3
    • not using Oracle Key Vault client software 14.4
    • okvclient.ora file 14.6
    • okvutil utility for provisioning B.1
    • one or more endpoints 13.2.5.2
    • Oracle Cloud Infrastructure database instance
    • password, changing B.3
    • post-installation for new enrollment 14.2.4
    • preparing environment for new enrollment 14.2.2
    • privileges for managing 2.4.3.1
    • provisioning
    • reenrolling 13.2.5.5
    • removing access to virtual wallets from Keys & Wallets tab 11.2.2
    • removing from an endpoint group 13.7.6
    • reports 21.4.5
    • revoking access to virtual wallet 13.6.2
    • rotation 13.2.5.6, 18.6
    • setting configuration parameters globally 13.4.2.1
    • setting configuration parameters per endpoint 13.4.3.1
    • setting extractable attribute value globally 13.4.2.2
    • setting extractable attribute value per endpoint 13.4.3.2
    • settings, about 13.4.1
    • suspending 13.2.5.4
    • TDE endpoint management 14.5
    • unmodfiabable okvclient.ora parameters 14.7
    • upgrading for enrolled 14.8.5
    • upgrading for unenrolled
      • downloading Oracle Key Vault okvclient.jar software 14.8.2
      • installing Oracle Key Vault okvclient.jar software 14.8.3
      • post-installation tasks 14.8.4
      • preparing environment 14.8.1
    • upgrading from unenrolled endpoint 14.8
    • wallet items, viewing 13.6.3
  • endpoint self-enrollment, about 13.2.1
  • enrolling endpoints
  • environment variables
    • JAVA_HOME, how determined during client installation 14.3.1
    • OKV_HOME
      • non-database utilities 14.3.3
      • set during installation 14.3.2
    • okvclient.ora location of 14.3.2
    • persistent master encryption key cache 12.1.4
    • sqlnet.ora file 14.3.4
  • Error
    • Object is Unstorable in Container error B.5
  • EXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 12.1.7.6
  • external keystore password uploads
  • external keystore password uploads to large deployments 16.5.2
    • changing passwords 16.5.5
    • example script for using passwords 16.5.3
    • sharing secrets 16.5.4
  • extractable attribute
  • extractable attribute value of symmetric and private keys
    • about 11.5.1
    • setting
      • symmetric keys
        • preventing existing symmetric keys from being extracted 11.5.2

F

  • failovers
    • restoring primary-standby after 5.4
  • Fast-Start Failover (FSFO) Failure C.8.2
  • FIPS 140–2 2.9
  • FIPS-Inside
    • See: FIPS mode
  • FIPS mode 2.9

G

  • granting access to objects or users 2.3.2

I

J

  • JAVA_HOME environment variable
    • how determined during client installation 14.3.1
    • location determined during installation 14.3.1
  • Java keystores
    • downloading B.5
    • uploading B.7
  • Java SDK 1.6.4
  • JKS and JCEKS keystores
  • JKS and JCKS keystores
    • change to content guidance 12.5.4
    • downloading
    • overwriting danger of 12.5.4
    • sharing with multiple endpoints guidance 12.5.4
    • uploading

K

  • Kerberos keytabs
    • downloading B.5
  • Key Administrator role
  • key lifecycle management 1.5.2
  • key management reports for Oracle endpoints 21.4.2
  • key rotation 1.3.2
  • keys
  • keystores
    • Automatic Storage Management
      • about uploading from 15.4.1
      • copying keystore to 15.4.3
      • procedure for uploading from 15.4.2
  • KMIP Protocol 1.5.8

L

  • LDAP configuration
    • about 9.1
    • about logging in as LDAP user 9.4.1
    • creating the provider connection 9.3.2
    • deleting 9.5.5
    • disabling 9.5.4
    • enabling 9.5.1
    • LDAP directory server preparation tasks 9.3.1
    • logging in as LDAP user 9.4.2
    • mapping LDAP groups to Oracle Key Vault user groups 9.3.3
    • modifying 9.5.2
    • privilege grants for LDAP users 9.2
    • testing 9.5.3
  • LDAP groups
    • about 9.6.1
    • creating group mappings 9.6.2
    • deleting mapping 9.6.5
    • modifying group mappings 9.6.3
    • validating group mappings 9.6.4
  • LDAP users
    • about 9.7.1
    • about validation 9.7.3.1
    • effective group membership 9.1
    • finding information about 9.7.2
    • modifying, about 9.7.4.1
    • modifying by regular users who have manage wallet privileges 9.7.4.3
    • modifying using Key Administrator role 9.7.4.2
    • removing from Oracle Key Vault 9.7.5
    • validating 9.7.3.2
  • list command (okvutil) B.6
  • list common errors(okvutil) B.10
  • local backup destinations
  • logging in

M

  • Manage Endpoint Group privilege
  • Manage Endpoint privilege
  • management console
  • Management Information Base (MIB) variables 21.1.1.6
  • master encryption keys
    • See: persistent master encryption key cache
    • persistent master encryption key cache 1.5.5, 12.1.3
    • TDE,
      • See: persistent master encryption key cache
    • user-defined key as 12.6.1
  • maximum disable node duration
  • Microsoft Active Directory
    • See: Single Sign-OnLDAP configuration
  • monitoring
  • monitoring information for clusters 4.10
  • multi-master cluster
    • addition of second node 8.3.2
  • multi-master cluster configuration
    • Oracle Audit Vault integration 21.3.6.6
  • multi-master clusters 3.3
    • about managing 4.1
    • addition of new server to cluster 3.4.3.3
    • addition of nodes 3.4.3.4
    • administration users, effect on 10.1.3.5
    • auditing for cluster
    • auditing for individual nodes
    • Audit Manager role, affect on 10.1.3.4
    • backup and restore operations 20.1
    • benefits 3.2
    • building and managing, about 3.4.1
    • candidate node 3.4.3.3
    • changing recovery passphrase 17.4.4
    • cluster node 3.3.1
    • cluster subgroups 3.3.3
    • controller node 3.4.3.2
    • critical data 3.3.4
    • difference from primary-standby configuration 5.1.3
    • DNS for individual nodes
    • DNS settings 17.3.3.2
    • downtime, minimizing 17.7
    • effect on role management 10.2.1
    • endpoint enrollment 13.2.2
    • endpoint groups, effect on 13.7.1
    • endpoints 13.2.2
    • endpoints, effect on 13.1.2
    • expansion of
    • FIPS mode for individual nodes, setting 17.3.2.5
    • host name network setting for individual nodes 17.3.2.1
    • inconsistency resolution 3.6.1
    • initial node 3.4.2
    • Key Administrator role, effect on 10.1.3.3
    • keys, effect on 11.4.2
    • maximum disable node duration 17.3.3.3
    • mid-size cluster 3.5.3
    • migrating standalone Key Vault server to 3.4.4.1
    • mode types 3.3.7
    • multi-master clusters
      • expansion of
    • name conflict resolution 3.6.2
    • network services for individual nodes 17.3.2.2
    • node limitations 3.3.2
    • operations permitted on modes 3.3.8
    • Oracle Key Vault management console, setting timeout 17.3.3.8
    • overview 3.1
    • primary-standby to multi-master cluster 3.4.4.2
    • read-only mode 3.3.7
    • read-only node 3.3.6
    • read-only restricted mode 3.3.7
    • read-write mode 3.3.7
    • read-write node 3.3.5
    • reconfiguration changes 3.4.3.2
    • RESTful services enablement 17.3.3.5
    • restore operations 20.5.3
    • reverse SSH tunnels 7.3.2
    • security objects, effect on 11.4.2
    • size and availability 3.5.1
    • SNMP settings 17.3.3.7
    • SNMP settings for individual node 17.3.2.9
    • syslog destination
    • syslog settings 17.3.3.4
    • syslog settings, node 17.3.2.6
    • System Administrator role, effect on 10.1.3.2
    • system settings 17.3.1
    • system settings for individual nodes 17.3.2
    • system time for cluster
    • system time for individual nodes
    • system users, effect on 10.1.3.6
    • two data centers 3.5.3
    • two nodes 3.5.2
    • user accounts, effect on 10.1.3
    • user groups, changing description 10.5.7
    • user groups, creating in 10.5.3
    • user groups, deleting 10.5.9
    • user groups, effect on 10.5.2
    • user groups, removing users from 10.5.8
    • user groups, renaming 10.5.6
    • users, effect on 10.1.3.5
    • virtual wallet user access to 10.2.7
  • MySQL integration with Oracle Key Vault 15.5

N

  • naming conflicts
  • network details
    • configuring for non-multi-master clusters 17.2.1
  • network interface
  • network services
    • configuring for non-multi-master clusters 17.2.2
  • node certificates
  • nodes
    • creating first node 4.2.2
    • deleting 4.6
    • disabling 4.4
    • disabling replication 4.8.2
    • enabling 4.5
    • enabling replication 4.8.3
    • force deleting 4.7
    • restarting cluster services for 4.8.1
    • terminating pairing of 4.3
  • NTP servers
    • configuring DNS for non-multi-master clusters 17.2.3

O

  • OASIS Key Management Interoperability Protocol (KMIP)
    • Oracle Key Vault implementation of 1.5.8
  • objects
    • naming guidelines 2.5
  • OKV_HOME environment variable
    • non-database utilities 14.3.3
  • okvclient.jar
    • downloading for installation on endpoint 14.2.1
  • okvclient.ora file
    • about 14.6
    • unmodfiable parameters 14.7
  • okvutil errors
    • common errors B.10
  • okvutil utility
    • about 1.6, 1.6.2
    • changepwd command B.3
    • diagnostics command B.4
    • download command B.5
    • list command B.6
    • sign command B.8
    • sign-verify command B.9
    • syntax B.2
    • upload command B.7
    • used to manage endpoints B.1
  • online master encryption keys
    • about using with Oracle Key Vault 1.3.2
    • centralized management of TDE keys 1.3.2
    • Oracle Data Guard connection 15.3.3
    • Oracle GoldenGate 15.2.2
  • operations, restrictions and conditions of A
  • options for access control 2.3.3
  • Oracle Active Data Guard
    • support for data moves 15.6
  • Oracle Audit Vault
    • checking monitoring for multi-master cluster node 17.3.2.10
    • checking monitoring for non-multi-master clusters 17.2.9
  • Oracle Audit Vault integration
  • Oracle Cloud Infrastructure database instance endpoints
  • Oracle Data Guard
    • migrating Oracle wallets 15.3.4
    • online master encryption keys connection 15.3.3
    • reverse migrating wallets 15.3.5
    • uploading wallets to Oracle Key Vault 15.3.1
  • Oracle Data Pump support for data moves 15.6
  • Oracle GoldenGate
    • online master encryption keys with
    • TDE wallet migration
    • wallets used with 15.2.1
  • Oracle Key Vault
    • administering cluster environments 17.3
    • benefits 1.2
    • deployment architecture 2.2
    • deployment overview 1.7
    • key management, about 1.1
    • standards and protocols 1.5.8
    • who should use 1.4
  • Oracle Key Vault Backup Failed C.5.1
  • Oracle Key Vault client
  • Oracle Key Vault client software
    • endpoints not using 14.4
  • Oracle Key Vault compute instance
  • Oracle Key Vault compute instances
    • backup operations 6.4.3
    • restore operations 6.4.3
  • Oracle Key Vault concepts 2.1
  • Oracle Key Vault endpoint utility
    • See: okvutil utility
  • Oracle Key Vault features
    • Advanced Cluster File System encryption key management 1.5.12
    • audit and monitoring services, external support for 1.5.10
    • backup and restore support for security objects 1.5.6
    • centralized storage and management of security objects 1.5.1, 1.5.8
    • database release and platform support 1.5.9
    • DBaaS endpoint support 1.5.13
    • HSM integration 1.5.14
    • key lifecycle management 1.5.2
    • MySQL integration 1.5.11
    • persistent master encryption key cache 1.5.5
    • primary-standby environment support 1.5.15, 17.5
    • reporting and alerts 1.5.3
    • RESTful service support 1.5.7
    • separation of duties 1.5.4
  • Oracle Key Vault general system administration
  • Oracle Key Vault Installation Failed C.7.1
  • Oracle Key Vault interfaces 1.6, 1.6.2
  • Oracle Key Vault keys
  • Oracle Key Vault maintenance
  • Oracle Key Vault management console
    • about 1.6
    • timeout for multi-master cluster nodes 17.3.3.8
    • timeout for Web sessions for non-multi-master clusters 17.2.10
  • Oracle Key Vault Multi-Master Cluster A
  • Oracle Key Vault state
  • Oracle Key Vault Upgrade Failed C.7.2
  • Oracle Key Vault use cases 1.3
  • Oracle Real Application Clusters
    • support for data moves 15.6
    • wallets 15.1
  • Oracle Recovery Manager (RMAN) support for data moves 15.6
  • Oracle wallets
  • Oracle ZFS Storage Appliance

P

  • passphrases 17.4.1
    • See also: passwords
    • changing in clusters environment 17.4.4
    • changing in non-clusters environment 17.4.3
    • recovering system 17.4.1
  • passwords 17.4.1
    • See also: passphrases
    • about changing 10.3.1, 10.3.3
    • centrally managed 16.5.2
    • changing endpoint password B.3
    • changing password automatically 10.3.3.2
    • changing password manually 10.3.3.1
    • changing support user 10.6.2
    • changing your own 10.3.2
    • controlling manual password reset operations, about 10.3.4.1
    • controlling manual password reset operations, configuration 10.3.4.2
  • persistent master encryption key cache
    • about 12.1.1
    • architecture 12.1.2
    • caching master encryption keys in-memory 12.1.3
    • contents of, listing 12.1.8
    • environment variables, importance of setting 12.1.4
    • modes of operation
    • Oracle Database deployments 12.1.9
    • PEXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 12.1.7.6
    • PKCS11_CACHE_TIMEOUT parameter 12.1.7.1
    • PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 12.1.7.4
    • PKCS11_PERSISTENT_CACHE_FIRST parameter 12.1.7.3
    • PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 12.1.7.5
    • PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 12.1.7.2
    • refresh window 12.1.6
    • storage location 12.1.4
  • PKCS11_CACHE_TIMEOUT parameter 12.1.7.1
  • PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 12.1.7.4
  • PKCS11_PERSISTENT_CACHE_FIRST parameter 12.1.7.3
  • PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 12.1.7.5
  • PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 12.1.7.2
  • powering off Oracle Key Vault for non-multi-master clusters 17.2.11
  • powering off Oracle Key Vault nodes 17.3.2.11
  • primary servers
    • role in primary-standby configuration 5.1.4
  • primary-standby
  • primary-standby configuration
    • about 5.1.1
    • benefits 5.1.2
    • best practices 5.7
    • changing SNMP settings on standby server 21.1.1.4
    • checking TDE wallet migration for logical standby 15.3.7
    • configuring primary server 5.2.1, 16.4.1, 16.4.2, 16.4.3
    • configuring standby server 5.2.2
    • difference from multi-master clusters 5.1.3
    • disabling 5.5
    • downtime, minimizing 17.7
    • enabling primary-standby on primary 5.2.3
    • migrating TDE wallets to Oracle Key Vault for standby 15.3.6
    • Oracle Audit Vault integration 21.3.6.6
    • persistent master encryption key cache
      • downtime, minimizing 17.7
    • primary server
    • primary server role 5.1.4
    • read-only restricted mode
      • downtime, minimizing 17.7
    • read-only restricted mode, disabling 5.6.6
    • read-only restricted mode, enabling 5.6.5
    • read-only restricted mode, recovering from 5.6.7
    • read-only restricted mode disabled 5.6.3
    • read-only restricted mode enabled 5.6.2
    • read-only restricted mode impact 5.6.1
    • read-only restricted mode state during network failure 5.6.4.4
    • read-only restricted mode state during primary server failure 5.6.4.2
    • read-only restricted mode state during standby server failure 5.6.4.3
    • read-only restricted mode states 5.6.4.1
    • restoring primary-standby after 5.4
    • reverse SSH tunnels 7.3.3
    • standby server
    • standby server role 5.1.5
    • switching servers 5.3
    • unpairing 5.5
  • primary-standby environments
    • console certificates 19.5
  • primary-standby server
    • moving to multi-master cluster 3.4.4.2
  • Primary-Standby Status C.8.3
  • privileges 2.3.1
    • See also: access control
    • access control options 2.3.3
    • access grants for virtual wallets 2.3.2

R

  • read-only mode
  • read-only nodes
  • read-only restricted mode
    • about 3.3.7
    • disabling 5.6.6
    • enabling 5.6.5
    • notifications 5.6.8
    • primary-standby configuration, impact on 5.6.1
    • primary-standby configuration without read-only restricted mode enabled 5.6.3
    • primary-standby configuration with read-only restricted mode enabled 5.6.2
    • recovering primary-standby 5.6.7
  • read-only restricted mode states
    • network failure in primary-standby configuration 5.6.4.4
    • primary server failure 5.6.4.2
    • primary-standby configuration 5.6.4.1
    • standby server failure 5.6.4.3
  • read-write mode
  • read-write nodes
  • read-write pair of nodes
  • read-write pairs of nodes
  • rebooting Oracle Key Vault for non-multi-master clusters 17.2.11
  • rebooting Oracle Key Vault nodes 17.3.2.11
  • recovery passphrase
    • about recovering 17.4.1
    • changing in clusters environment 17.4.4
    • changing in non-clusters environment 17.4.3
    • protecting the backup 20.4.6
  • re-enroll an endpoint C.2.1
  • rekey operation 1.3.2
  • remote backup destination
  • remote backup destinations
  • Remote Backup Failed C.5.3
  • remotely monitoring using SNMP 21.1.1.5
  • remote monitoring
  • removing user from a user group 10.5.8
  • renaming a user group 10.5.6
  • reporting 1.5.3
  • reports
  • restarting Oracle Key Vault for non-multi-master clusters 17.2.11
  • restarting Oracle Key Vault nodes 17.3.2.11
  • RESTful command-line interface commands
  • RESTful services
    • about 1.6.3
    • console certificates 19.5
    • disabling for non-multi-master clusters 17.2.8
    • enabling for non-multi-master clusters 17.2.8
    • multi-master clusters, enablement 17.3.3.5
  • restoring data
  • roles
  • Roots of Trust (RoT) 1.5.14
  • root user

S

  • secrets
  • secure user management 10.3.4.1
  • security objects
  • self-enrollment, for endpoints 13.2.4.1
  • separation of duties 1.5.4
  • server certificates
  • Signle Sign-On
  • sign signatures
    • accessing with okvutil sign B.8
  • sign-verify
    • accessing with okvutil sign-verify B.9
  • Single Sign-On
    • See: IDP
  • SNMP
    • about 21.1.1.1
    • changing settings on standby server 21.1.1.4
    • changing user name and password 21.1.1.3
    • example of simplified remote monitoring 21.1.1.7
    • granting access to user 21.1.1.2
    • Management Information Base (MIB) variables 21.1.1.6
    • remotely monitoring Oracle Key Vault 21.1.1.5
  • SNMP settings
  • split-brain scenarios 5.1.1
  • SQL*Plus
    • guidance for credentials 16.2
    • guidance for secrets 16.2
  • sqlnet.ora file
    • environment variables and 14.3.4
  • SSH
    • guidance for credentials 16.3
    • guidance for secrets 16.3
  • SSH key files
    • downloading from Key Vault to a wallet B.5
  • SSH Tunnel Add Failure C.9.1
  • SSH tunnels
    • creating between Oracle Key Vault and DBaas instance 7.3.1
    • deleting 7.3.7
    • disabling 7.3.5
    • multi-master clusters 7.3.5, 7.3.6, 7.3.7
    • not active 7.3.6
    • reverse SSH tunnel in multi-master cluster 7.3.2
    • reverse SSH tunnel in primary-standby configuration 7.3.3
    • viewing details 7.3.4
  • SSL Client Error C.10.1, C.10.2
  • SSL Layer Error C.3.7
  • standby servers
    • role in primary-standby configuration 5.1.5
  • support user
  • syslog
    • configuring for non-multi-master clusters 17.2.6
  • syslog configuration
  • syslog settings
  • System Administrator role
  • system diagnostics
    • See: diagnostic reports
  • System Metrics
  • system recovery 2.6, 17.4.1
  • system time
    • setting for non-multi-master clusters 17.2.4
  • system users
    • multi-master cluster effect on 10.1.3.6

T

  • TDE direct connect
    • See: online master encryption keys
  • TDE-enabled databases
    • about configuring Key Vault for 12.2.1
    • configuring environment for 12.2.3
    • integrating TDE with Key Vault 12.2.4
    • limitations of TDE endpoint integration 12.2.2
  • TDE master encryption keys
    • centralized management 1.3.2
  • TDE wallets
  • third-party certificates
  • time
  • Transparent Data Encryption 12.2.1
    • See also: TDE-enabled databases
    • downtime, minimizing for TDE heartbeat 17.7
    • endpoint management 14.5
  • transportable tablespaces support for data moves 15.6
  • types of backups 20.3.2

U

  • Unable to boot the Virtual Machine C.7.5
  • Unable to schedule new backup C.5.2
  • Upgrade Failure C.7.4
  • upgrading endpoint software
    • unenrolled endpoint 14.8
  • upload command (okvutil) B.7
  • uploading
  • Uploading Java Keystore C.3.6
  • use cases 1.3
    • centralized storage 1.3.1
    • key rotation 1.3.2
    • online management of keys and secret data 1.3.4
    • storage of credential files 1.3.3
  • user accounts
    • multi-master clusters, effect on 10.1.3
  • user-defined keys
  • user groups 10.5.1
    • adding a user 10.5.4
    • changing description 10.5.7
    • creating 10.5.3
    • deleting 10.5.9
    • granting access to virtual wallet 10.5.5
    • modifying virtual wallets from Keys & Wallets tab 11.2.3
    • multi-master clusters, effect on 10.5.2
    • naming guidelines 2.5
    • removing access to virtual wallets from Keys & Wallets tab 11.2.2
    • removing access to virtual wallets from User's tab 11.3.3
    • removing user from 10.5.8
    • renaming 10.5.6
    • revoking access to virtual wallets 11.3.4
  • users 10.5.1
    • See also: user groups
    • about changing password 10.3.3
    • about user accounts 10.1.1, 10.1.2.1, 10.1.3.1
    • administrative roles, about 10.2.1
    • administrative roles, granting or changing 10.2.2
    • administrative roles, revoking 10.2.8
    • changing own password 10.3.2
    • changing password automatically 10.3.3.2
    • changing password manually 10.3.3.1
    • changing passwords, about 10.3.1
    • changing support user password 10.6.2
    • changing user email address 10.4.1
    • controlling manual password reset operations, about 10.3.4.1
    • controlling manual password reset operations, configuration 10.3.4.2
    • Create Endpoint Group privilege, granting or changing 10.2.5
    • Create Endpoint privilege, granting or changing 10.2.3
    • creating accounts 10.1.4
    • deleting accounts 10.1.6
    • disabling email notifications 10.4.2
    • endpoint administrators
    • endpoint privileges, about 10.2.1
    • endpoint privileges, revoking 10.2.8
    • granting access to virtual wallet 10.2.7
    • Manage Endpoint Group privilege, granting or changing 10.2.6
    • Manage Endpoint privilege, granting or changing 10.2.4
    • modifying virtual wallets from Keys & Wallets tab 11.2.3
    • multi-master cluster effect on 10.1.3.5
    • naming guidelines 2.5
    • removing access to virtual wallets from Keys & Wallets tab 11.2.2
    • removing access to virtual wallets from User's tab 11.3.2
    • reports 21.4.6
    • root user
    • support user
    • view account details 10.1.5

V

  • viewing user account details 10.1.5
  • virtual wallets
    • about 11.1.1
    • access management from Keys and Wallets tab 11.2.1
    • adding endpoint access to 13.6.1
    • adding security objects to 11.1.4
    • creating 11.1.2
    • deleting 11.1.6
    • endpoint group access grant 13.7.4
    • granting access to from Keys & Wallets tab 11.2.2
    • granting access to from Users tab 11.3.1
    • granting user access to 10.2.7, 10.5.5
    • granting user group access to from User's tab 11.3.3
    • modifying 11.1.3
    • modifying from Keys & Wallets tab 11.2.3
    • naming guidelines 2.5
    • removing security objects from 11.1.5
    • removing user access to from Users tab 11.3.2
    • revoking endpoint access 13.6.2
    • revoking user group access from 11.3.4

W

  • wallet not open error C.3.1
  • wallets
    • checking TDE wallet migration for logical standby
    • downloading
    • downloading from Key Vault to a wallet B.5
    • endpoint group access grant 13.7.4
    • endpoints, associating 13.5.1
    • endpoints, viewing wallet items for 13.6.3
    • key rotation guidance 12.4.4
    • migrating existing TDE wallet to Key Vault
    • migrating TDE to Key Vault for logical standby database
    • migrating to Oracle Data Guard 15.3.4
    • Oracle GoldenGate use with 15.2.1
    • Oracle Real Application Clusters environment 15.1
    • overwriting danger of 12.4.4
    • reports 21.4.3
    • restoring database contents previously encrypted by TDE
    • reverse migrating in Oracle Data Guard
    • setting default for endpoint 13.5.2
    • sharing with multiple endpoints guidance 12.4.4
    • uploading
    • uploading contents to Key Vault server B.7
    • uploading in Oracle Data Guard