1. Index

Index

A  B  C  D  E  F  G  I  J  K  L  M  N  O  P  R  S  T  U  V  W  

A

B

  • backing up data
    • about 21.1
    • best practices 21.9
    • chanding schedule 21.4.2
    • deleting schedule 21.4.3
    • finding information about 21.6.8
    • multi-master cluster environment 21.4.5
    • primary-standby deployment 21.4.4
    • recovery passphrase 21.4.6
    • removing local backups 21.7
    • removing old backups, about 21.6.1
    • removing old backups, adding policy to existing destination 21.6.3
    • removing old backups, changing schedule 21.6.4
    • removing old backups, creating schedule 21.6.2
    • removing old backups, deleting schedule 21.6.7
    • resuming backup destination policy 21.6.6
    • scheduling backup 21.4.1
    • suspending backup destination policy 21.6.5
  • backup destinations
  • Backup Restore Failed C.5.4, C.5.4.1
  • backups
  • backup scheduling 21.4
  • benefits
    • centralizing key lifecyle management 1.2
    • centralizing key storage 1.2
    • fighting security threats 1.2

C

  • candidate nodes 3.4.3.3
  • centralized storage
  • centralized storage and management of security objects 1.5.1
  • centrally managed passwords 17.5.2
  • certifcates
    • rotation, checking overall status 19.4.9
    • rotation, checking status for endpoints 19.4.10
    • setting batch size for endpoint rotations 19.4.7
    • setting rotation sequence for multimaster cluster nodes 19.4.8
    • setting validity of self-signed CA certificates 19.4.4
  • Certificate File Failure C.3.5
  • certificates
    • See: console certificates
  • changepwd command (okvutil) B.3
  • changing a user group description 9.5.7
  • Classic mode network interface
  • cluster nodes
  • cluster node types
  • clusters
    • creating first node 4.2.2
    • deleting a node 4.6
    • disabling a node 4.4
    • disabling node replication 4.8.2
    • enabling a node 4.5
    • enabling node replication 4.8.3
    • force deleting a node 4.7
    • management information 3.7, 4.9
    • monitoring information 4.10
    • read-only, creating 4.2.3.2
    • read-write pair of nodes, creating 4.2.3.1
    • read-write pairs of nodes, creating 4.2.3.3
    • restarting cluster services 4.8.1
    • setting up, about 4.2.1
    • terminating node pairing 4.3
  • cluster size and availability guidance 3.5.1
  • cluster subgroups
  • Commercial National Security Algorithm (CNSA)
    • about 18.6.1
    • backup and restore operations 18.6.3
    • running scripts 18.6.2
    • upgrading primary-standby Oracle Key Vault servers 18.6.5
    • upgrading standalone Oracle Key Vault server 18.6.4
  • configuration files
    • endpoint configuration file 13.6
  • configuration parameters
  • configuring a primary-standby deployment 23.1.1
  • conflicts in names of objects 4.11.1
  • console certificates
    • about managing 20.1
    • backup data restored 20.5
    • downloading CA request 20.2
    • having signed 20.3
    • primary-standby environments 20.5
    • RESTful services 20.5
    • uploading 20.4
  • controller nodes
  • Could Not Store Private Key Errors C.3.3
  • Create Endpoint Group privilege
    • endpoint privileges
      • separation of duty 2.4.1
    • granting or changing 9.2.5
    • separation of duty 2.4.1
  • Create Endpoint privilege
  • creating a user group 9.5.3
  • creating user accounts 9.1.4
  • credential files
  • credentials
    • guidance for SQL*Plus 17.2
    • guidance for SSH 17.3
  • critical data 3.3.4
  • C SDK 1.6.4

D

  • dashboard
  • data
    • backing up, about 21.1
    • backup removal, about 21.6.1
    • backup removal schedule, adding to existing destination 21.6.3
    • backup removal schedule, changing 21.6.4
    • backup removal schedule, creating 21.6.2
    • backup removal schedule, deleting 21.6.7
    • backup removal schedule, finding information about 21.6.8
    • backup removal schedule, resuming 21.6.6
    • backup removal schedule, suspending 21.6.5
    • backups, deleting local 21.7
    • restoring, about 21.1
  • Database as a Service
    • about configuring for Key Vault 6.2.1
    • configuring instance 6.2.2
    • creating low privileged user 6.2.3
    • deleting SSH tunnel 6.3.7
    • disabling SSH tunnel 6.3.5
    • enrolling instance as endpoint
      • about 6.4.1
      • installing Oracle Key Vault software onto 6.4.4
      • post-installation tasks 6.4.5
      • preparing environment 6.4.3
      • registering 6.4.2
    • resuming access to Oracle Key Vault 6.7
    • reverse SSH tunnel in multi-master cluster 6.3.2
    • reverse SSH tunnel in primary-standby configuration 6.3.3
    • SSH tunnel between Oracle Key Vault and DBaas instance 6.3.1
    • SSH tunnel not active 6.3.6
    • suspending access to Oracle Key Vault
    • users
      • low privileged user for DBaaS 6.2.3
    • viewing SSH tunnel details 6.3.4
  • deleting user accounts 9.1.6
  • deleting user groups 9.5.9
  • deployment
    • architecture 2.2
    • overview 1.7
  • deployments
    • credential files, archiving and downloading 17.1.1
    • Java keystores, uploading and downloading 11.4.1
    • JKS and JCEKS keystores, archiving and downloading 11.5.1
    • migrating standalone Key Vault server to multi-master cluster 3.4.4.1
    • online master encryption keys for TDE wallets 1.3.1
    • Oracle wallets, uploading and downloading 11.4.1
    • primary-standby to multi-master cluster 3.4.4.2
    • recommendations for 4.12
  • deployment scenarios
  • diagnostic reports
  • diagnostics
    • accessing with okvutil diagnostics B.4
  • DNS
    • configuring NTP servers for non-multi-master clusters 18.2.3
    • nodes 18.3.2.3
  • DNS settings
  • download command (okvutil) B.5
  • Download Diagnostics C.2.2
  • downloading
  • downtime, minimizing 18.7
  • Dual NIC mode network interface
  • dual NIC network mode
    • changing for nodes 18.3.2.7
    • changing for standalone environment 18.2.7

E

  • effective group membership, LDAP users 8.1
  • email addresses
    • changing 9.4.1
    • disabling email notifications 9.4.2
  • email notification
  • emergency system recovery 2.6
  • endpoint 12.2.5.6.1
  • endpoint administrators
  • endpoint groups
    • access grant to virtual wallet 12.7.4
    • adding endpoint too 12.7.5
    • creating 12.7.2
    • deleting 12.7.7
    • modifying details 12.7.3
    • modifying virtual wallets from Keys & Wallets tab 10.2.3
    • multi-master clusters, effect on 12.7.1
    • naming guidelines 2.5
    • removing access to virtual wallets from Keys & Wallets tab 10.2.2
    • removing endpoint 12.7.6
  • endpoint node scan lists
  • endpoint privileges
  • EndPoint Related Issues C.1.1
  • endpoints 12.7.2
    • See also: endpoint groups
    • about 12.2.5.1
    • about managing 12.1.1
    • adding access to virtual wallet 12.6.1
    • adding to an endpoint group 12.7.5
    • adding using administrator-initiated enrollment 12.2.3
    • adding using self-enrollment 12.2.4
    • adding using self-enrollment, about 12.2.4.1
    • adding using self-enrollment, procedure for 12.2.4.2
    • administrators for 12.1.1
    • alternative for individual 12.2.5.3
    • associating default wallet with 12.5.1
    • configuration file 13.6
    • configuration parameters, about 12.4.1
    • DBaaS
    • default wallet, setting for 12.5.2
    • deleting 12.2.5.1, 12.2.5.2, 12.2.5.3
    • details
    • diagnostics B.4, B.8, B.9
    • downloading software 13.2.1
    • endpoint node scan lists 3.6.3
    • enrolling and provisioning 13.2.1
    • enrollment
    • enrollment in multi-master cluster 12.2.2
    • enrollment process
    • enrollment types 12.2.1
    • guidance on enrolling across deployments 3.5.3
    • installing software for new enrollment 13.2.3
    • Java home, how determined 13.3.1
    • limitiations of TDE endpoint integration 11.2.2
    • modifying virtual wallets from Keys & Wallets tab 10.2.3
    • multi-master clusters, effect on 12.1.2
    • naming guidelines 2.5
    • nodes available for connection 3.6.3
    • not using Oracle Key Vault client software 13.4
    • okvclient.ora file 13.6
    • okvutil utility for provisioning B.1
    • one or more endpoints 12.2.5.2
    • Oracle Cloud Infrastructure database instance
    • password, changing B.3
    • post-installation for new enrollment 13.2.4
    • preparing environment for new enrollment 13.2.2
    • privileges for managing 2.4.3.1
    • provisioning
    • reenrolling 12.2.5.5
    • removing access to virtual wallets from Keys & Wallets tab 10.2.2
    • removing from an endpoint group 12.7.6
    • reports 22.4.6
    • revoking access to virtual wallet 12.6.2
    • rotation 12.2.5.6, 19.6
    • setting configuration parameters globally 12.4.2.1
    • setting configuration parameters per endpoint 12.4.3.1
    • setting extractable attribute value globally 12.4.2.2
    • setting extractable attribute value per endpoint 12.4.3.2
    • settings, about 12.4.1
    • suspending 12.2.5.4
    • TDE endpoint management 13.5
    • unmodfiabable okvclient.ora parameters 13.7
    • upgrading for enrolled 13.8.5
    • upgrading for unenrolled
      • downloading Oracle Key Vault okvclient.jar software 13.8.2
      • installing Oracle Key Vault okvclient.jar software 13.8.3
      • post-installation tasks 13.8.4
      • preparing environment 13.8.1
    • upgrading from unenrolled endpoint 13.8
    • wallet items, viewing 12.6.3
  • endpoint self-enrollment, about 12.2.1
  • enrolling endpoints
  • environment variables
    • JAVA_HOME, how determined during client installation 13.3.1
    • OKV_HOME
      • non-database utilities 13.3.3
      • set during installation 13.3.2
    • okvclient.ora location of 13.3.2
    • persistent master encryption key cache 11.1.4
    • sqlnet.ora file 13.3.4
  • Error
    • Object is Unstorable in Container error B.5
  • EXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 11.1.7.6
  • external keystore password uploads
  • external keystore password uploads to large deployments 17.5.2
    • changing passwords 17.5.5
    • example script for using passwords 17.5.3
    • sharing secrets 17.5.4
  • extractable attribute
  • extractable attribute value of symmetric and private keys
    • about 10.6.1
    • setting
      • symmetric keys
        • preventing existing symmetric keys from being extracted 10.6.2

F

  • failovers
    • restoring primary-standby after 23.4
  • Fast-Start Failover (FSFO) Failure C.8.2
  • FIPS 140–2 2.10
  • FIPS-Inside
    • See: FIPS mode
  • FIPS mode 2.10

G

  • granting access to objects or users 2.3.2

I

J

  • JAVA_HOME environment variable
    • how determined during client installation 13.3.1
    • location determined during installation 13.3.1
  • Java keystores
    • downloading B.5
    • uploading B.7
  • Java SDK 1.6.4
  • JKS and JCEKS keystores
  • JKS and JCKS keystores
    • change to content guidance 11.5.4
    • downloading
    • overwriting danger of 11.5.4
    • sharing with multiple endpoints guidance 11.5.4
    • uploading

K

  • Kerberos keytabs
    • downloading B.5
  • Key Administrator role
  • key lifecycle management 1.5.3
  • key management reports for Oracle endpoints 22.4.2
  • key rotation 1.3.1
  • keys
  • keystores
    • Automatic Storage Management
      • about uploading from 14.4.1
      • copying keystore to 14.4.3
      • procedure for uploading from 14.4.2
  • KMIP Protocol 1.5.9

L

  • LDAP configuration
    • about 8.1
    • about logging in as LDAP user 8.4.1
    • creating the provider connection 8.3.2
    • deleting 8.5.5
    • disabling 8.5.4
    • enabling 8.5.1
    • LDAP directory server preparation tasks 8.3.1
    • logging in as LDAP user 8.4.2
    • mapping LDAP groups to Oracle Key Vault user groups 8.3.3
    • modifying 8.5.2
    • privilege grants for LDAP users 8.2
    • testing 8.5.3
  • LDAP groups
    • about 8.6.1
    • creating group mappings 8.6.2
    • deleting mapping 8.6.5
    • modifying group mappings 8.6.3
    • validating group mappings 8.6.4
  • LDAP users
    • about 8.7.1
    • about validation 8.7.3.1
    • effective group membership 8.1
    • finding information about 8.7.2
    • modifying, about 8.7.4.1
    • modifying by regular users who have manage wallet privileges 8.7.4.3
    • modifying using Key Administrator role 8.7.4.2
    • removing from Oracle Key Vault 8.7.5
    • validating 8.7.3.2
  • list command (okvutil) B.6
  • list common errors(okvutil) B.11
  • local backup destinations
  • logging in

M

  • Manage Endpoint Group privilege
  • Manage Endpoint privilege
  • management console
  • Management Information Base (MIB) variables 22.1.1.6
  • master encryption keys
    • See: persistent master encryption key cache
    • persistent master encryption key cache 1.5.6, 11.1.3
    • TDE,
      • See: persistent master encryption key cache
    • user-defined key as 11.6.1
  • maximum disable node duration
  • Microsoft Active Directory
    • See: Single Sign-OnLDAP configuration
  • monitoring
  • monitoring information for clusters 4.10
  • multi-master cluster
    • addition of second node 7.3.2
  • multi-master cluster configuration
    • Oracle Audit Vault integration 22.3.8.6
  • multi-master clusters 3.3
    • about managing 4.1
    • addition of new server to cluster 3.4.3.3
    • addition of nodes 3.4.3.4
    • administration users, effect on 9.1.3.5
    • auditing for cluster
    • auditing for individual nodes
    • Audit Manager role, affect on 9.1.3.4
    • backup and restore operations 21.1
    • benefits 3.2
    • building and managing, about 3.4.1
    • candidate node 3.4.3.3
    • changing recovery passphrase 18.4.4
    • cluster node 3.3.1
    • cluster subgroups 3.3.3
    • controller node 3.4.3.2
    • critical data 3.3.4
    • difference from primary-standby configuration 23.1.3
    • DNS for individual nodes
    • DNS settings 18.3.3.2
    • downtime, minimizing 18.7
    • effect on role management 9.2.1
    • endpoint enrollment 12.2.2
    • endpoint groups, effect on 12.7.1
    • endpoints 12.2.2
    • endpoints, effect on 12.1.2
    • expansion of
    • FIPS mode for individual nodes, setting 18.3.2.5
    • host name network setting for individual nodes 18.3.2.1
    • inconsistency resolution 3.6.1
    • initial node 3.4.2
    • Key Administrator role, effect on 9.1.3.3
    • keys, effect on 10.5.2
    • maximum disable node duration 18.3.3.3
    • mid-size cluster 3.5.3
    • migrating standalone Key Vault server to 3.4.4.1
    • mode types 3.3.7
    • multi-master clusters
      • expansion of
    • name conflict resolution 3.6.2
    • network services for individual nodes 18.3.2.2
    • node limitations 3.3.2
    • operations permitted on modes 3.3.8
    • Oracle Key Vault management console, setting timeout 18.3.3.8
    • overview 3.1
    • primary-standby to multi-master cluster 3.4.4.2
    • read-only mode 3.3.7
    • read-only node 3.3.6
    • read-only restricted mode 3.3.7
    • read-write mode 3.3.7
    • read-write node 3.3.5
    • reconfiguration changes 3.4.3.2
    • RESTful services enablement 18.3.3.5
    • restore operations 21.5.3
    • reverse SSH tunnels 6.3.2
    • security objects, effect on 10.5.2
    • size and availability 3.5.1
    • SNMP settings 18.3.3.7
    • SNMP settings for individual node 18.3.2.9
    • syslog destination
    • syslog settings 18.3.3.4
    • syslog settings, node 18.3.2.6
    • System Administrator role, effect on 9.1.3.2
    • system settings 18.3.1
    • system settings for individual nodes 18.3.2
    • system time for cluster
    • system time for individual nodes
    • system users, effect on 9.1.3.6
    • two data centers 3.5.3
    • two nodes 3.5.2
    • user accounts, effect on 9.1.3
    • user groups, changing description 9.5.7
    • user groups, creating in 9.5.3
    • user groups, deleting 9.5.9
    • user groups, effect on 9.5.2
    • user groups, removing users from 9.5.8
    • user groups, renaming 9.5.6
    • users, effect on 9.1.3.5
    • virtual wallet user access to 9.2.8
  • MySQL integration with Oracle Key Vault 14.5

N

  • naming conflicts
  • network details
    • configuring for non-multi-master clusters 18.2.1
  • network interface
  • network services
    • configuring for non-multi-master clusters 18.2.2
  • node certificates
  • nodes
    • creating first node 4.2.2
    • deleting 4.6
    • disabling 4.4
    • disabling replication 4.8.2
    • enabling 4.5
    • enabling replication 4.8.3
    • force deleting 4.7
    • restarting cluster services for 4.8.1
    • terminating pairing of 4.3
  • NTP servers
    • configuring DNS for non-multi-master clusters 18.2.3

O

  • OASIS Key Management Interoperability Protocol (KMIP)
    • Oracle Key Vault implementation of 1.5.9
  • objects
    • naming guidelines 2.5
  • OKV_HOME environment variable
    • non-database utilities 13.3.3
  • okvclient.jar
    • downloading for installation on endpoint 13.2.1
  • okvclient.ora file
    • about 13.6
    • unmodfiable parameters 13.7
  • okvutil errors
    • common errors B.11
  • okvutil utility
    • about 1.6, 1.6.2
    • changepwd command B.3
    • diagnostics command B.4
    • download command B.5
    • list command B.6
    • sign command B.8
    • sign-verify command B.9
    • syntax B.2
    • upload command B.7
    • used to manage endpoints B.1
  • online master encryption keys
    • about using with Oracle Key Vault 1.3.1
    • centralized management of TDE keys 1.3.1
    • Oracle Data Guard connection 14.3.3
    • Oracle GoldenGate 14.2.2
  • operations, restrictions and conditions of A
  • options for access control 2.3.3
  • Oracle Active Data Guard
    • support for data moves 14.6
  • Oracle Audit Vault
    • checking monitoring for multi-master cluster node 18.3.2.10
    • checking monitoring for non-multi-master clusters 18.2.9
  • Oracle Audit Vault integration
  • Oracle Cloud Infrastructure database instance endpoints
  • Oracle Data Guard
    • migrating Oracle wallets 14.3.4
    • online master encryption keys connection 14.3.3
    • reverse migrating wallets 14.3.5
    • uploading wallets to Oracle Key Vault 14.3.1
  • Oracle Data Pump support for data moves 14.6
  • Oracle GoldenGate
    • online master encryption keys with
    • TDE wallet migration
    • wallets used with 14.2.1
  • Oracle Key Vault
    • administering cluster environments 18.3
    • benefits 1.2
    • deployment architecture 2.2
    • deployment overview 1.7
    • key management, about 1.1
    • standards and protocols 1.5.9
    • who should use 1.4
  • Oracle Key Vault Backup Failed C.5.1
  • Oracle Key Vault client
  • Oracle Key Vault client software
    • endpoints not using 13.4
  • Oracle Key Vault compute instance
  • Oracle Key Vault compute instances
    • backup operations 5.4.3
    • restore operations 5.4.3
  • Oracle Key Vault concepts 2.1
  • Oracle Key Vault endpoint utility
    • See: okvutil utility
  • Oracle Key Vault features
    • Advanced Cluster File System encryption key management 1.5.13
    • audit and monitoring services, external support for 1.5.11
    • backup and restore support for security objects 1.5.7
    • centralized storage and management of security objects 1.5.1, 1.5.9
    • database release and platform support 1.5.10
    • DBaaS endpoint support 1.5.14
    • HSM integration 1.5.15
    • key lifecycle management 1.5.3
    • MySQL integration 1.5.12
    • persistent master encryption key cache 1.5.6
    • primary-standby environment support 18.5
    • reporting and alerts 1.5.4
    • RESTful service support 1.5.8
    • separation of duties 1.5.5
  • Oracle Key Vault general system administration
  • Oracle Key Vault Installation Failed C.7.1
  • Oracle Key Vault interfaces 1.6, 1.6.2
  • Oracle Key Vault keys
  • Oracle Key Vault maintenance
  • Oracle Key Vault management console
    • about 1.6
    • timeout for multi-master cluster nodes 18.3.3.8
    • timeout for Web sessions for non-multi-master clusters 18.2.10
  • Oracle Key Vault Multi-Master Cluster A
  • Oracle Key Vault state
  • Oracle Key Vault Upgrade Failed C.7.2
  • Oracle Key Vault use cases 1.3
  • Oracle Real Application Clusters
    • support for data moves 14.6
    • wallets 14.1
  • Oracle Recovery Manager (RMAN) support for data moves 14.6
  • Oracle wallets
  • Oracle ZFS Storage Appliance

P

  • passphrases 18.4.1
    • See also: passwords
    • changing in clusters environment 18.4.4
    • changing in non-clusters environment 18.4.3
    • recovering system 18.4.1
  • passwords 18.4.1
    • See also: passphrases
    • about changing 9.3.1, 9.3.3
    • centrally managed 17.5.2
    • changing endpoint password B.3
    • changing password automatically 9.3.3.2
    • changing password manually 9.3.3.1
    • changing support user 9.6.2
    • changing your own 9.3.2
    • controlling manual password reset operations, about 9.3.4.1
    • controlling manual password reset operations, configuration 9.3.4.2
  • persistent master encryption key cache
    • about 11.1.1
    • architecture 11.1.2
    • caching master encryption keys in-memory 11.1.3
    • contents of, listing 11.1.8
    • environment variables, importance of setting 11.1.4
    • modes of operation
    • Oracle Database deployments 11.1.9
    • PEXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 11.1.7.6
    • PKCS11_CACHE_TIMEOUT parameter 11.1.7.1
    • PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 11.1.7.4
    • PKCS11_PERSISTENT_CACHE_FIRST parameter 11.1.7.3
    • PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 11.1.7.5
    • PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 11.1.7.2
    • refresh window 11.1.6
    • storage location 11.1.4
  • PKCS11_CACHE_TIMEOUT parameter 11.1.7.1
  • PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 11.1.7.4
  • PKCS11_PERSISTENT_CACHE_FIRST parameter 11.1.7.3
  • PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 11.1.7.5
  • PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 11.1.7.2
  • powering off Oracle Key Vault for non-multi-master clusters 18.2.11
  • powering off Oracle Key Vault nodes 18.3.2.11
  • primary servers
    • role in primary-standby configuration 23.1.4
  • primary-standby
  • primary-standby configuration
    • about 23.1.1
    • benefits 23.1.2
    • best practices 23.7
    • changing SNMP settings on standby server 22.1.1.4
    • checking TDE wallet migration for logical standby 14.3.7
    • configuring primary server 17.4.1, 17.4.2, 17.4.3, 23.2.1
    • configuring standby server 23.2.2
    • difference from multi-master clusters 23.1.3
    • disabling 23.5
    • downtime, minimizing 18.7
    • enabling primary-standby on primary 23.2.3
    • migrating TDE wallets to Oracle Key Vault for standby 14.3.6
    • Oracle Audit Vault integration 22.3.8.6
    • persistent master encryption key cache
      • downtime, minimizing 18.7
    • primary server
    • primary server role 23.1.4
    • read-only restricted mode
      • downtime, minimizing 18.7
    • read-only restricted mode, disabling 23.6.6
    • read-only restricted mode, enabling 23.6.5
    • read-only restricted mode, recovering from 23.6.7
    • read-only restricted mode disabled 23.6.3
    • read-only restricted mode enabled 23.6.2
    • read-only restricted mode impact 23.6.1
    • read-only restricted mode state during network failure 23.6.4.4
    • read-only restricted mode state during primary server failure 23.6.4.2
    • read-only restricted mode state during standby server failure 23.6.4.3
    • read-only restricted mode states 23.6.4.1
    • restoring primary-standby after 23.4
    • reverse SSH tunnels 6.3.3
    • standby server
    • standby server role 23.1.5
    • switching servers 23.3
    • unpairing 23.5
  • primary-standby environments
    • console certificates 20.5
  • primary-standby server
    • moving to multi-master cluster 3.4.4.2
  • Primary-Standby Status C.8.3
  • privileges 2.3.1
    • See also: access control
    • access control options 2.3.3
    • access grants for virtual wallets 2.3.2

R

  • read-only mode
  • read-only nodes
  • read-only restricted mode
    • about 3.3.7
    • disabling 23.6.6
    • enabling 23.6.5
    • notifications 23.6.8
    • primary-standby configuration, impact on 23.6.1
    • primary-standby configuration without read-only restricted mode enabled 23.6.3
    • primary-standby configuration with read-only restricted mode enabled 23.6.2
    • recovering primary-standby 23.6.7
  • read-only restricted mode states
    • network failure in primary-standby configuration 23.6.4.4
    • primary server failure 23.6.4.2
    • primary-standby configuration 23.6.4.1
    • standby server failure 23.6.4.3
  • read-write mode
  • read-write nodes
  • read-write pair of nodes
  • read-write pairs of nodes
  • rebooting Oracle Key Vault for non-multi-master clusters 18.2.11
  • rebooting Oracle Key Vault nodes 18.3.2.11
  • recovery passphrase
    • about recovering 18.4.1
    • changing in clusters environment 18.4.4
    • changing in non-clusters environment 18.4.3
    • protecting the backup 21.4.6
  • re-enroll an endpoint C.2.1
  • rekey operation 1.3.1
  • remote backup destination
  • remote backup destinations
  • Remote Backup Failed C.5.3
  • remotely monitoring using SNMP 22.1.1.5
  • remote monitoring
  • removing user from a user group 9.5.8
  • renaming a user group 9.5.6
  • reporting 1.5.4
  • reports
  • restarting Oracle Key Vault for non-multi-master clusters 18.2.11
  • restarting Oracle Key Vault nodes 18.3.2.11
  • RESTful command-line interface commands
  • RESTful services
    • about 1.6.3
    • console certificates 20.5
    • disabling for non-multi-master clusters 18.2.8
    • enabling for non-multi-master clusters 18.2.8
    • multi-master clusters, enablement 18.3.3.5
  • restoring data
  • roles
  • Roots of Trust (RoT) 1.5.15
  • root user

S

  • secrets
  • secure user management 9.3.4.1
  • security objects
  • self-enrollment, for endpoints 12.2.4.1
  • separation of duties 1.5.5
  • server certificates
  • Signle Sign-On
  • sign signatures
    • accessing with okvutil sign B.8
  • sign-verify
    • accessing with okvutil sign-verify B.9
  • Single Sign-On
    • See: IDP
  • SNMP
    • about 22.1.1.1
    • changing settings on standby server 22.1.1.4
    • changing user name and password 22.1.1.3
    • example of simplified remote monitoring 22.1.1.7
    • granting access to user 22.1.1.2
    • Management Information Base (MIB) variables 22.1.1.6
    • remotely monitoring Oracle Key Vault 22.1.1.5
  • SNMP settings
  • split-brain scenarios 23.1.1
  • SQL*Plus
    • guidance for credentials 17.2
    • guidance for secrets 17.2
  • sqlnet.ora file
    • environment variables and 13.3.4
  • SSH
    • guidance for credentials 17.3
    • guidance for secrets 17.3
  • SSH key files
    • downloading from Key Vault to a wallet B.5
  • SSH Tunnel Add Failure C.9.1
  • SSH tunnels
    • creating between Oracle Key Vault and DBaas instance 6.3.1
    • deleting 6.3.7
    • disabling 6.3.5
    • multi-master clusters 6.3.5, 6.3.6, 6.3.7
    • not active 6.3.6
    • reverse SSH tunnel in multi-master cluster 6.3.2
    • reverse SSH tunnel in primary-standby configuration 6.3.3
    • viewing details 6.3.4
  • SSL Client Error C.10.1, C.10.2
  • SSL Layer Error C.3.7
  • standby servers
    • role in primary-standby configuration 23.1.5
  • support user
  • syslog
    • configuring for non-multi-master clusters 18.2.6
  • syslog configuration
  • syslog settings
  • System Administrator role
  • system diagnostics
    • See: diagnostic reports
  • System Metrics
  • system recovery 2.6, 18.4.1
  • system time
    • setting for non-multi-master clusters 18.2.4
  • system users
    • multi-master cluster effect on 9.1.3.6

T

  • TDE direct connect
    • See: online master encryption keys
  • TDE-enabled databases
    • about configuring Key Vault for 11.2.1
    • configuring environment for 11.2.3
    • integrating TDE with Key Vault 11.2.4
    • limitations of TDE endpoint integration 11.2.2
  • TDE master encryption keys
    • centralized management 1.3.1
  • TDE wallets
  • third-party certificates
  • time
  • Transparent Data Encryption 11.2.1
    • See also: TDE-enabled databases
    • downtime, minimizing for TDE heartbeat 18.7
    • endpoint management 13.5
  • transportable tablespaces support for data moves 14.6
  • types of backups 21.3.2

U

  • Unable to boot the Virtual Machine C.7.5
  • Unable to schedule new backup C.5.2
  • Upgrade Failure C.7.4
  • upgrading endpoint software
    • unenrolled endpoint 13.8
  • upload command (okvutil) B.7
  • uploading
  • Uploading Java Keystore C.3.6
  • use cases 1.3
    • centralized storage 1.3.2
    • key rotation 1.3.1
    • online management of keys and secret data 1.3.4
    • storage of credential files 1.3.3
  • user accounts
    • multi-master clusters, effect on 9.1.3
  • user-defined keys
  • user groups 9.5.1
    • adding a user 9.5.4
    • changing description 9.5.7
    • creating 9.5.3
    • deleting 9.5.9
    • granting access to virtual wallet 9.5.5
    • modifying virtual wallets from Keys & Wallets tab 10.2.3
    • multi-master clusters, effect on 9.5.2
    • naming guidelines 2.5
    • removing access to virtual wallets from Keys & Wallets tab 10.2.2
    • removing access to virtual wallets from User's tab 10.3.3
    • removing user from 9.5.8
    • renaming 9.5.6
    • revoking access to virtual wallets 10.3.4
  • users 9.5.1
    • See also: user groups
    • about changing password 9.3.3
    • about user accounts 9.1.1, 9.1.2.1, 9.1.3.1
    • administrative roles, about 9.2.1
    • administrative roles, granting or changing 9.2.2
    • administrative roles, revoking 9.2.7
    • changing own password 9.3.2
    • changing password automatically 9.3.3.2
    • changing password manually 9.3.3.1
    • changing passwords, about 9.3.1
    • changing support user password 9.6.2
    • changing user email address 9.4.1
    • controlling manual password reset operations, about 9.3.4.1
    • controlling manual password reset operations, configuration 9.3.4.2
    • Create Endpoint Group privilege, granting or changing 9.2.5
    • Create Endpoint privilege, granting or changing 9.2.3
    • creating accounts 9.1.4
    • deleting accounts 9.1.6
    • disabling email notifications 9.4.2
    • endpoint administrators
    • endpoint privileges, about 9.2.1
    • endpoint privileges, revoking 9.2.7
    • granting access to virtual wallet 9.2.8
    • Manage Endpoint Group privilege, granting or changing 9.2.6
    • Manage Endpoint privilege, granting or changing 9.2.4
    • modifying virtual wallets from Keys & Wallets tab 10.2.3
    • multi-master cluster effect on 9.1.3.5
    • naming guidelines 2.5
    • removing access to virtual wallets from Keys & Wallets tab 10.2.2
    • removing access to virtual wallets from User's tab 10.3.2
    • reports 22.4.7
    • root user
    • support user
    • view account details 9.1.5

V

  • viewing user account details 9.1.5
  • virtual wallets
    • about 10.1.1
    • access management from Keys and Wallets tab 10.2.1
    • adding endpoint access to 12.6.1
    • adding security objects to 10.1.4
    • creating 10.1.2
    • deleting 10.1.6
    • endpoint group access grant 12.7.4
    • granting access to from Keys & Wallets tab 10.2.2
    • granting access to from Users tab 10.3.1
    • granting user access to 9.2.8, 9.5.5
    • granting user group access to from User's tab 10.3.3
    • modifying 10.1.3
    • modifying from Keys & Wallets tab 10.2.3
    • naming guidelines 2.5
    • removing security objects from 10.1.5
    • removing user access to from Users tab 10.3.2
    • revoking endpoint access 12.6.2
    • revoking user group access from 10.3.4

W

  • wallet not open error C.3.1
  • wallets
    • checking TDE wallet migration for logical standby
    • downloading
    • downloading from Key Vault to a wallet B.5
    • endpoint group access grant 12.7.4
    • endpoints, associating 12.5.1
    • endpoints, viewing wallet items for 12.6.3
    • key rotation guidance 11.4.4
    • migrating existing TDE wallet to Key Vault
    • migrating TDE to Key Vault for logical standby database
    • migrating to Oracle Data Guard 14.3.4
    • Oracle GoldenGate use with 14.2.1
    • Oracle Real Application Clusters environment 14.1
    • overwriting danger of 11.4.4
    • reports 22.4.3
    • restoring database contents previously encrypted by TDE
    • reverse migrating in Oracle Data Guard
    • setting default for endpoint 12.5.2
    • sharing with multiple endpoints guidance 11.4.4
    • uploading
    • uploading contents to Key Vault server B.7
    • uploading in Oracle Data Guard