Index

A

about managing 7.5.1
access control
- access grants for virtual wallets 2.3.2
- how configuration works 2.3.1
access control options 2.3.3
access grants 2.3.2
Actions menu 4.8.1
activate Command 13.7.6.1
add_attr command 13.7.5.1
add_custom_attr command 13.7.5.2
add_epg_member command 13.6.5.1
add_member command 13.7.7.1
add_wallet_access_ep command 13.6.6.1
add_wallet_access_epg command 13.6.6.2
adding user to user group 7.5.4
administration users
- multi-masters clusters effect on 7.1.2.4
administrative roles
- about 2.4.1
- about managing 7.2.1
- Audit Manager
  - about 2.4.5
- granting or changing 7.2.2
- Key Administrator
  - about 2.4.4
- revoking 7.2.4
- separation of duty 2.4.2
- System Administrator
  - about 2.4.3
alerts 1.5.3
- about 17.2.1
- configuring 17.2.2
- types of 17.2.1
- viewing open alerts 17.2.3
all_attr command 13.7.5.3
appliance automation
- commands
  - enrollment token management 13.6.3
  - virtual wallet management 13.6.6
architecture 3.3
archiving
- credential files 18.6.1
auditing
- about 17.3.1
- Audit Vault and Database Firewall, consolidating audit records 17.3.6
- deleting audit records 17.3.5
- exporting audit records to file 17.3.5
- multi-master clusters 17.3.3
- syslog file 17.3.2
- viewing audit records 17.3.4
Audit Manager
- about 2.4.5
Audit Manager role
- multi-master cluster effect on 7.1.2.3
Audit Vault and Database Firewall
- consolidating audit records 17.3.6
Automatic Storage Management
- uploading keystores
  - about 19.4.1
  - copying keystore to 19.4.3
  - procedure 19.4.2

B

backing up data
- about 14.1
- best practices 14.6
- chanding schedule 14.4.2
- deleting schedule 14.4.3
- primary-standby deployments 14.4.4
- recovery passphrase 14.4.5
- scheduling backup 14.4.1
backup destinations
- about 14.2.1
- changing settings 14.2.3
- creating remote 14.2.2
- deleting remote 14.2.4
backups
- console certificates 16.2.5
- protecting with recovery passphrase 14.4.5
- reports 17.4.5
- types 14.3.2
backup scheduling 14.4
- about 14.3.1
- types 14.3.2
benefits
- centralizing key lifecyle management 1.2
- centralizing key storage 1.2
- fighting security threats 1.2

C

candidate nodes 3.4.3.3
centralized storage
- Java keystores 1.3.1
- Oracle wallet files 1.3.1
centralized storage and management of security objects 1.5.1
certifcates
- rotating, about 16.1.1
- rotating, procedure 16.1.4
- rotation, checking status 16.1.5
certificate
- get_cert command 13.7.4.3
- reg_cert command 13.7.4.7
certificates
- See: console certificates
- rotating, advice 16.1.2
- rotating, factors that may affect process 16.1.3
changepwd command (okvutil) B.3
changing a user group description 7.5.7
check_object_status command 13.6.6.3
cluster nodes
- about 3.3.1
- limitation 3.3.2
cluster node types
- about 3.3.7
clusters
- creating first node 5.2
- deleting a node 5.7
- disabling a node 5.5
- disabling node replication 5.9.2
- enabling a node 5.6
- enabling node replication 5.9.3
- force deleting a node 5.8
- management information 5.10
- monitoring information 5.11
- read-only, creating 5.3.2
- read-write pair of nodes, creating 5.3.1
- read-write pairs of nodes, creating 5.3.3
- restarting cluster services 5.9.1
- terminating node pairing 5.4
cluster size and availability guidance 3.5.1
cluster subgroup
- about 3.3.3
Commercial National Security Algorithm (CNSA)
- about 15.6.1
- backup and restore operations 15.6.3
- running scripts 15.6.2
- upgrading primary-standby Oracle Key Vault servers 15.6.5
- upgrading standalone Oracle Key Vault server 15.6.4
configuration files
- endpoint configuration file 10.6
configuration parameters
- endpoints 9.6.3.1
configuring a primary-standby deployment 6.1.1
conflicts in names of objects 5.12.1
console certificates
- about managing 16.2.1
- backup data restored 16.2.5
- downloading CA request 16.2.2
- having signed 16.2.3
- primary-standby environments 16.2.5
- RESTful services 16.2.5
- uploading 16.2.4
controller nodes
- about 3.4.3.2
create_endpoint_group command 13.6.5.2
create_endpoint command 13.6.3.1
create_key command 13.7.4.1
create_unique_endpoint_group command 13.6.5.3
create_unique_endpoint command 13.6.3.2
create_unique_wallet command 13.6.6.4
create_wallet command 13.6.6.5
creating a user group 7.5.3
creating user accounts 7.1.3
credential files
- about archiving and downloading 18.6.1
- change to content guidance 18.6.4
- downloading
  - guidance 18.6.4
  - procedure 18.6.3
- overwriting danger of 18.6.4
- sharing with multiple endpoints guidance 18.6.4
- uploading
  - guidance 18.6.4
  - procedure 18.6.2
critical data 3.3.4

D

dashboard
- status panes 15.1.3
- viewing 15.1.2
data
- backing up, about 14.1
- restoring, about 14.1
Database as a Service
- about configuring for Key Vault 12.2.1
- configuring instance 12.2.2
- creating low privileged user 12.2.3
- deleting SSH tunnel 12.3.7
- disabling SSH tunnel 12.3.5
- enrolling instance as endpoint
  - about 12.4.1
  - installing Oracle Key Vault software onto 12.4.4
  - post-installation tasks 12.4.5
  - preparing environment 12.4.3
  - registering 12.4.2
- resuming access to Oracle Key Vault 12.7
- reverse SSH tunnel in multi-master cluster 12.3.2
- reverse SSH tunnel in primary-standby configuration 12.3.3
- SSH tunnel between Oracle Key Vault and DBaas instance 12.3.1
- SSH tunnel not active 12.3.6
- suspending access to Oracle Key Vault
  - about 12.5.1
  - procedure 12.5.2
- users
  - low privileged user for DBaaS 12.2.3
- viewing SSH tunnel details 12.3.4
del_attr command 13.7.5.4
del_custom_attr command 13.7.5.5
del_member command 13.7.7.2
delete_endpoint_group command 13.6.5.4
delete_endpoint command 13.6.3.3
delete_wallet command 13.6.6.6, 13.6.6.16
deleting user accounts 7.1.5
deleting user groups 7.5.9
deployment
- architecture 2.2
- overview 1.7
deployments
- credential files, archiving and downloading 18.6.1
- Java keystores, uploading and downloading 18.4.1
- JKS and JCEKS keystores, archiving and downloading 18.5.1
- migrating standalone Key Vault server to multi-master cluster 3.4.4.1
- online master keys for TDE wallets 1.3.2
- Oracle wallets, uploading and downloading 18.4.1
- primary-standby to multi-master cluster 3.4.4.2
- recommendations for 5.13
deployment scenarios
- cluster size and availability 3.5.1
- mid-size cluster 3.5.3
- two data centers 3.5.3
- two nodes 3.5.2
destroy command 13.7.6.2
diagnostic reports
- about 17.1.4.1
- generating file 17.1.4.3
- installing generation utility 17.1.4.2
- removing diagnostic generation utility 17.1.4.5
- removing temp files 17.1.4.4
diagnostics
- accessing with okvutil diagnostics B.4
diagnostics generation utility
- transaction check error C.9
disk space, adding 4.5.7
DNS
- configuring NTP servers for non-multi-master clusters 15.2.4
- nodes 15.3.1.4
DNS settings
- multi-master clusters 15.3.2.3
download command 13.6.3.4
download command (okvutil) B.5
downloading
- credential files 18.6.3
- JKS and JCEKS keystores 18.5.1, 18.5.3
- wallets 18.4.3
downtime, minimizing 15.7
drop_epg_member command 13.6.5.5
drop_wallet_access_ep command 13.6.6.7
DSA keys, removing after upgrade 4.5.8

E

email
- modify_endpoint_email command 13.6.4.1
email addresses
- changing 7.4.1
- disabling email notifications 7.4.2
email notification
- about 17.1.2.1
- configuring 17.1.2.2
- disabling 17.1.2.4
- testing 17.1.2.3
emergency system recovery 2.5
endpoint administrators
- about 2.7
endpoint database requirements 4.2.4
endpoint groups
- access grant to virtual wallet 9.5.4
- add_epg_member command 13.6.5.1
- add_wallet_access_epg command 13.6.6.2
- adding endpoint too 9.5.5
- create_endpoint_group command 13.6.5.2
- create_unique_endpoint_group command 13.6.5.3
- creating 9.5.2
- delete_endpoint_group command 13.6.5.4
- deleting 9.5.7
- drop_epg_member command 13.6.5.5
- modfify_endpoint_group_desc command 13.6.5.6
- modify_wallet_access_epg command 13.6.6.8, 13.6.6.13
- modify_wallet_name command 13.6.6.15
- modifying details 9.5.3
- modifying virtual wallets from Keys & Wallets tab 8.2.3
- multi-master clusters, effect on 9.5.1
- removing access to virtual wallets from Keys & Wallets tab 8.2.2
- removing endpoint 9.5.6
endpoint node scan lists
- about 3.6.3
endpoint platforms, supported 4.2.3
endpoints 9.5.2
- See also: endpoint groups
- about 9.2.5.1
- about managing 9.1.1
- add_epg_member command 13.6.5.1
- adding access to virtual wallet 9.4.1
- adding to an endpoint group 9.5.5
- adding using administrator-initiated enrollment 9.2.3
- adding using self-enrollment 9.2.4
- adding using self-enrollment, about 9.2.4.1
- adding using self-enrollment, procedure for 9.2.4.2
- administrators for 9.1.1
- alternative for individual 9.2.5.3
- associating default wallet with 9.3.1
- configuration file 10.6
- configuration parameters, about 9.6.3.1
- configuration parameters, setting 9.6.3.2
- create_endpoint command 13.6.3.1
- create_unique_endpoint command 13.6.3.2
- DBaaS
  - enrolling 12.4.1
  - registering 12.4.1
- default wallet, setting for 9.3.2
- delete_endpoint command 13.6.3.3
- deleting 9.2.5.1, 9.2.5.2, 9.2.5.3
- details
  - about 9.6.1
  - configuration parameters, about 9.6.3.1
  - configuration parameters, setting 9.6.3.2
  - modifying 9.6.2
- diagnostics B.4
- download command 13.6.3.4
- downloading software 10.2.1
- drop_epg_member commandd 13.6.5.5
- drop_wallet_access_ep command 13.6.6.7
- endpoint node scan lists 3.6.3
- enrolling and provisioning 10.2.1
- enrollment
  - about 10.1
  - administrator initiated, about 9.2.1
  - types of enrollment 9.2.1
- enrollment in multi-master cluster 9.2.2
- enrollment process
  - about 10.1
- enrollment types 9.2.1
- get_enrollment_token command 13.6.3.5
- guidance on enrolling across deployments 3.5.3
- installing software for new enrollment 10.2.3
- Java home, how determined 10.3.1
- limitiations of TDE endpoint integration 18.1.2
- modify_endpoint_desc command 13.6.4.2
- modify_endpoint_email command 13.6.4.1
- modify_endpoint_group_name command 13.6.5.7
- modify_endpoint_name command 13.6.4.3
- modify_endpoint_platform command 13.6.4.4
- modify_endpoint_type command 13.6.4.5
- modifying virtual wallets from Keys & Wallets tab 8.2.3
- multi-master clusters, effect on 9.1.2
- nodes available for connection 3.6.3
- not using Oracle Key Vault client software 10.4
- okvclient.ora file 10.6
- okvutil utility for provisioning B.1
- one or more endpoints 9.2.5.2
- Oracle Cloud Infrastructure database instance
  - about 12.1
- password, changing B.3
- post-installation for new enrollment 10.2.4
- preparing environment for new enrollment 10.2.2
- provision command 13.6.3.6
- provisioning
  - about 10.1
- re_enroll_all command 13.6.3.8
- re_enroll command 13.6.3.7
- reenrolling 9.2.5.5
- removing access to virtual wallets from Keys & Wallets tab 8.2.2
- removing from an endpoint group 9.5.6
- reports 17.4.2
- revoking access to virtual wallet 9.4.2
- suspending 9.2.5.4
- TDE endpoint management 10.5
- upgrading for enrolled 9.7.2
- upgrading for unenrolled
  - downloading Oracle Key Vault okvclient.jar software 9.7.1.2
  - installing Oracle Key Vault okvclient.jar software 9.7.1.3
  - post-installation tasks 9.7.1.4
  - preparing environment 9.7.1.1
- upgrading from unenrolled endpoint 9.7.1
- wallet items, viewing 9.4.3
endpoint self-enrollment, about 9.2.1
enrolling endpoints
- about 10.1
- administrator initiated
  - about 9.2.1
- script to automatically enroll using RESTful commands 13.4.7
- self-initiated
  - about 9.2.1
environment variables
- JAVA_HOME, how determined during client installation 10.3.1
- OKV_HOME
  - non-database utilities 10.3.3
  - set during installation 10.3.2
- okvclient.ora location of 10.3.2
- persistent master encryption key cache 18.3.4
- sqlnet.ora file 10.3.4
Error
- Object is Unstorable in Container error B.5
errors
- about 13.6.7.1
- at command line 13.6.7.2
- error reporting
  - while running commands from script 13.6.7.3
EXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 18.3.7.6

F

failovers
- restoring primary-standby after 6.4
failover situations
- read-only restricted mode C.14.1
FIPS 140–2 2.8
FIPS-Inside
- See: FIPS mode
FIPS mode 2.8
- disabling 15.3.1.5
- disabling for non-multi-master clusters 15.2.5
- enabling 15.3.1.5
- enabling for non-multi-master clusters 15.2.5

G

get_attr command 13.7.5.6
get_cert command 13.7.4.3
get_default_wallet command 13.6.6.9
get_enrollment_token command 13.6.3.5
get_key command 13.7.4.4
get_object_name command 13.6.6.10
get_opaque command 13.7.4.5
get_secret command 13.7.4.6
get_wallets command 13.6.6.11
granting access to objects or users 2.3.2

I

initial node
- creating 5.2
- creation of 3.4.2
installation and configuration
- about 4.1
- downloading appliance software 4.3.1
- endpoint database requirements 4.2.4
- endpoint platform, supported 4.2.3
- installing appliance software procedure 4.3.2
- network port requirements 4.2.2
- post-installation tasks 4.3.3
- system requirements 4.2.1
installing appliance software 4.3.2
interfaces 1.6
- management console 1.6.1
- okvutil endpoint utility 1.6.2
- RESTful services 1.6.3

J

JAVA_HOME environment variable
- how determined during client installation 10.3.1
- location determined during installation 10.3.1
Java keystores
- downloading B.5
- uploading B.7
JKS and JCEKS keystores
- downloading
  - JKS and JCEKS keystores 18.5.1
  - procedure 18.5.3
- uploading
  - procedure 18.5.2
JKS and JCKS keystores
- change to content guidance 18.5.4
- downloading
  - guidance 18.5.4
- overwriting danger of 18.5.4
- sharing with multiple endpoints guidance 18.5.4
- uploading
  - guidance 18.5.4

K

Kerberos keytabs
- downloading B.5
kernels, removing after upgrade 4.5.6
key
- get_key command 13.7.4.4
- reg_key command 13.7.4.2
Key Administrator role
- about 2.4.4
- multi-master cluster effect on 7.1.2.2
keyattributes
- custom, del_custom_attr command 13.7.5.5
key attributes
- add_attr command 13.7.5.1
- all_attr command 13.7.5.3
- custom, add_custom_attr command 13.7.5.2
- custom, mod_custom_attr command 13.7.5.9
- del_attr command 13.7.5.4
- get_attr command 13.7.5.6
- list_attr command 13.7.5.7
- mod_attr command 13.7.5.8
key lifecycle management 1.5.2
key rotation 1.3.2
keys
- activate Command 13.7.6.1
- activating 8.4.3
- create_key command 13.7.4.1
- deactivating 8.4.4
- deleting 8.4.6
- destroy command 13.7.6.2
- finding for Key Vault B.6
- get_object_name command 13.6.6.10
- locate command 13.7.6.3
- multi-master clusters, effect on 8.4.2
- query command 13.7.6.5
- reports 17.4.4
- revoke command 13.7.6.4
- revoking 8.4.5
- state of, managing 8.4.1
keystores
- Automatic Storage Management
  - about uploading from 19.4.1
  - copying keystore to 19.4.3
  - procedure for uploading from 19.4.2
KMIP Protocol 1.5.10

L

list_attr command 13.7.5.7
list_wallet command 13.7.7.3
list command (okvutil) B.6
local backup destinations
- about 14.2.1
locate command 13.7.6.3
log file locations C.3
logging in to management console 4.4

M

management console
- about 1.6, 1.6.1
- logging in to 4.4
- overview of 4.7
Management Information Base (MIB) variables 17.1.1.6
master encryption keys
- See: persistent master encryption key cache
- persistent master encryption key cache 1.5.6, 18.3.3
- TDE,
  - See: persistent master encryption key cache
- user-defined key as 18.7.1
maximum disable node duration
- multi-master clusters 15.3.2.4
mod_attr command 13.7.5.8
mod_custom_attr command 13.7.5.9
modfify_endpoint_group_desc command 13.6.5.6
modify_endpoint_desc command 13.6.4.2
modify_endpoint_email command 13.6.4.1
modify_endpoint_group_name command 13.6.5.7
modify_endpoint_name command 13.6.4.3
modify_endpoint_platform command 13.6.4.4
modify_endpoint_type command 13.6.4.5
modify_wallet_access_ep command 13.6.6.12
modify_wallet_access_epg command 13.6.6.8, 13.6.6.13
modify_wallet_desc command 13.6.6.14
modify_wallet_name command 13.6.6.15
monitoring
- diagnostic reports 17.1.4.1
- email notification 17.1.2.1
- Oracle Audit Vault 15.3.1.7, 17.1.5
- remote monitoring 17.1.1.1
- reports 17.4.1
- SNMP 17.1.1.1
- syslog configuration 17.1.3
monitoring information for clusters 5.11
multi-master clusters 3.3
- about managing 5.1
- addition of new server to cluster 3.4.3.3
- addition of nodes 3.4.3.4
- administration users, effect on 7.1.2.4
- auditing 17.3.3
- Audit Manager role, affect on 7.1.2.3
- backup and restore operations 14.1
- benefits 3.2
- building and managing, about 3.4.1
- candidate node 3.4.3.3
- changing recovery passphrase 15.4.4
- checking upgrade success 4.6.5
- cluster node 3.3.1
- cluster subgroup 3.3.3
- controller node 3.4.3.2
- critical data 3.3.4
- difference from primary-standby configuration 6.1.3
- DNS for individual nodes
  - configuring 15.3.1.4
- DNS settings 15.3.2.3
- downtime, minimizing 15.7
- effect on role management 7.2.1
- endpoint enrollment 9.2.2
- endpoint groups, effect on 9.5.1
- endpoints 9.2.2
- endpoints, effect on 9.1.2
- expansion of
  - about 3.4.3.1
  - addition of more nodes 3.4.3.4
  - controller node 3.4.3.2
- FIPS mode for individual nodes, setting 15.3.1.5
- host name network setting for individual nodes 15.3.1.1
- inconsistency resolution 3.6.1
- initial node 3.4.2
- Key Administrator role, effect on 7.1.2.2
- keys, effect on 8.4.2
- maximum disable node duration 15.3.2.4
- mid-size cluster 3.5.3
- migrating standalone Key Vault server to 3.4.4.1
- mode types 3.3.7
- multi-master clusters
  - expansion of
    - candidate nodes 3.4.3.3
- name conflict resolution 3.6.2
- network services for individual nodes 15.3.1.2
- node limitations 3.3.2
- operations permitted on modes 3.3.8
- Oracle Audit Vault 15.3.1.7, 17.1.5
- Oracle Key Vault management console, setting timeout 15.3.2.8
- overview 3.1
- preparation for pre-upgrade 4.6.2
- pre-upgrade 4.6.3
- primary-standby to multi-master cluster 3.4.4.2
- read-only mode 3.3.7
- read-only node 3.3.6
- read-only restricted mode 3.3.7
- read-write mode 3.3.7
- read-write node 3.3.5
- reconfiguration changes 3.4.3.2
- RESTful services enablement 15.3.2.5
- restore operations 14.5.3
- reverse SSH tunnels 12.3.2
- rolling back pre-upgrade 4.6.6
- security objects, effect on 8.4.2
- size and availability 3.5.1
- SNMP settings 15.3.2.7
- syslog destination
  - clearing 17.1.3.2
  - setting 17.1.3.1
- syslog settings 15.3.2.6
- syslog settings, node 15.3.1.6
- System Administrator role, effect on 7.1.2.1
- system settings
  - about 15.3.2.1
- system settings for individual nodes 15.3.1
- system time for individual nodes
  - setting 15.3.1.3
- system users, effect on 7.1.2.5
- time settings 15.3.2.2
- two data centers 3.5.3
- two nodes 3.5.2
- upgrade, about 4.6.1
- upgrading each node 4.6.4
- user accounts, effect on 7.1.2
- user groups, changing description 7.5.7
- user groups, creating in 7.5.3
- user groups, deleting 7.5.9
- user groups, effect on 7.5.2
- user groups, removing users from 7.5.8
- user groups, renaming 7.5.6
- users, effect on 7.1.2.4
- virtual wallet user access to 7.2.3
MySQL integration with Oracle Key Vault 19.5

N

naming conflicts
- about 5.12.1
- accepting suggested name 5.12.4
- changing suggested name 5.12.3
- finding 5.12.2
network details
- configuring for non-multi-master clusters 15.2.1
network port requirements 4.2.2
network services
- configuring for non-multi-master clusters 15.2.2
nodes
- creating first node 5.2
- deleting 5.7
- disabling 5.5
- disabling replication 5.9.2
- enabling 5.6
- enabling replication 5.9.3
- force deleting 5.8
- restarting cluster services for 5.9.1
- terminating pairing of 5.4
NTP servers
- configuring DNS for non-multi-master clusters 15.2.4

O

OASIS Key Management Interoperability Protocol (KMIP)
- Oracle Key Vault implementation of 1.5.10
OKV_HOME environment variable
- non-database utilities 10.3.3
okvclient.jar
- downloading for installation on endpoint 10.2.1
okvclient.ora file
- about 10.6
okvutil utility
- about 1.6, 1.6.2
- changepwd command B.3
- diagnostics command B.4
- download command B.5
- list command B.6
- syntax B.2
- upload command B.7
- used to manage endpoints B.1
online master keys
- about using with Oracle Key Vault 1.3.2
- centralized management of TDE keys 1.3.2
- Oracle Data Guard connection 19.3.3
- Oracle GoldenGate 19.2.2
opaque
- get_opaque command 13.7.4.5
- reg_opaque command 13.7.4.8
operations, restrictions and conditions of A
options for access control 2.3.3
Oracle Active Data Guard
- support for data moves 19.6
Oracle Audit Vault
- enabling Oracle Key Vault to send data to, for non-multi-master clusters 15.2.8
- integration for node 15.3.1.7, 17.1.5
Oracle Cloud Infrastructure database instance endpoints
- about 12.1
Oracle Data Guard
- migrating Oracle wallets 19.3.4
- online master keys connection 19.3.3
- reverse migrating wallets 19.3.5
- uploading wallets to Oracle Key Vault 19.3.1
Oracle Data Pump support for data moves 19.6
Oracle GoldenGate
- online master keys with
  - about 19.2.2
- TDE wallet migration
  - about 19.2.3
- wallets used with 19.2.1
Oracle Key Vault
- administering cluster environments 15.3
- benefits 1.2
- deployment architecture 2.2
- deployment overview 1.7
- key management, about 1.1
- RESTful services 13.1
- standards and protocols 1.5.10
- who should use 1.4
Oracle Key Vault client software
- endpoints not using 10.4
Oracle Key Vault compute instance
- about 11.1
- about provisioning 11.3.1
- benefits 11.2
- finding image 11.3.2.3
- launching, about 11.3.2.1
- launching process 11.3.2.4
- migrating data out of compute instance 11.5.3
- migrations, about 11.5.1
- post-installation tasks 11.3.2.5
- post-launch tasks 11.3.2.5
- prerequisites 11.3.2.2
- restarting 11.4.1
- starting 11.4.1
- stopping 11.4.1
- system settings 11.4.2
- terminating 11.4.4
- transitioning data into a compute instance 11.5.2
Oracle Key Vault compute instances
- backup operations 11.4.3
- restore operations 11.4.3
Oracle Key Vault concepts 2.1
Oracle Key Vault endpoint utility
- See: okvutil utility
- about 1.6, 1.6.2
Oracle Key Vault features
- ASM cluster file system encryption key management 1.5.14
- audit and monitoring services, external support for 1.5.12
- backup and restore support for security objects 1.5.7
- centralized storage and management of security objects 1.5.1, 1.5.10
- database release and platform support 1.5.11
- DBaaS endpoint support 1.5.15
- endpoint enrollment, automatic using RESTful services 1.5.8
- HSM integration 1.5.16
- key lifecycle management 1.5.2
- MySQL integration 1.5.13
- persistent master encryption key cache 1.5.6
- primary-standby environment support 1.5.5, 15.5
- reporting and alerts 1.5.3
- RESTful service support for key management 1.5.9
- separation of duties 1.5.4
Oracle Key Vault general system administration
- about 15.1.1
Oracle Key Vault interfaces 1.6, 1.6.2
- management console 1.6.1
- RESTful services 1.6.3
Oracle Key Vault keys
- finding B.6
Oracle Key Vault maintenance
- dashboard 15.1.2
- system settings 15.3.1
Oracle Key Vault management console
- about 1.6
- overview of 4.7
- timeout for multi-master cluster nodes 15.3.2.8
- timeout for Web sessions for non-multi-master clusters 15.2.9
Oracle Key Vault Multi-Master Cluster A
Oracle Key Vault status
- viewing 15.1.2
Oracle Key Vault use cases 1.3
Oracle Real Application Clusters
- RESTful services 13.1
- support for data moves 19.6
- wallets 19.1
Oracle Recovery Manager (RMAN) support for data moves 19.6
Oracle wallets
- downloading
  - about 18.4.1
- uploading
  - about 18.4.1

P

passphrases 15.4.1
- See also: passwords
- changing in clusters environment 15.4.4
- changing in non-clusters environment 15.4.3
- recovering credentials 15.4.2
- recovering system 15.4.1
passwords 15.4.1
- See also: passphrases
- about changing 7.3.1, 7.3.3
- changing endpoint password B.3
- changing operating system passwords 7.3.3.3
- changing password automatically 7.3.3.2
- changing password manually 7.3.3.1
- changing your own 7.3.2
- controlling manual password reset operations, about 7.3.4.1
- controlling manual password reset operations, configuration 7.3.4.2
persistent master encryption key cache
- about 18.3.1
- architecture 18.3.2
- caching master encryption keys in-memory 18.3.3
- contents of, listing 18.3.8
- environment variables, importance of setting 18.3.4
- modes of operation
  - first mode 18.3.5.2
  - Oracle Key Vault first mode 18.3.5.1
- Oracle Database deployments 18.3.9
- PEXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN parameter 18.3.7.6
- PKCS11_CACHE_TIMEOUT parameter 18.3.7.1
- PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 18.3.7.4
- PKCS11_PERSISTENT_CACHE_FIRST parameter 18.3.7.3
- PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 18.3.7.5
- PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 18.3.7.2
- refresh window 18.3.6
- storage location 18.3.4
PKCS11_CACHE_TIMEOUT parameter 18.3.7.1
PKCS11_CONFIG_PARAM_REFRESH_INTERVAL parameter 18.3.7.4
PKCS11_PERSISTENT_CACHE_FIRST parameter 18.3.7.3
PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW parameter 18.3.7.5
PKCS11_PERSISTENT_CACHE_TIMEOUT parameter 18.3.7.2
post-installation tasks 4.3.3
powering off Oracle Key Vault for non-multi-master clusters 15.2.10
powering off Oracle Key Vault nodes 15.3.1.8
primary servers
- role in primary-standby configuration 6.1.4
primary-standby
- restore operations 14.5.4
primary-standby configuration
- about 6.1.1
- benefits 6.1.2
- best practices 6.7
- changing SNMP settings on standby server 17.1.1.4
- checking TDE wallet migration for logical standby 19.3.7
- configuring primary server 6.2.1
- configuring standby server 6.2.2
- difference from multi-master clusters 6.1.3
- disabling 6.5
- downtime, minimizing 15.7
- enabling primary-standby on primary 6.2.3
- migrating TDE wallets to Oracle Key Vault for standby 19.3.6
- persistent master encryption key cache
  - downtime, minimizing 15.7
- primary server
  - configuring 6.2.1
  - enabling for primary-standby 6.2.3
- primary server role 6.1.4
- read-only restricted mode
  - downtime, minimizing 15.7
- read-only restricted mode, disabling 6.6.6
- read-only restricted mode, enabling 6.6.5
- read-only restricted mode, recovering from 6.6.7
- read-only restricted mode disabled 6.6.3
- read-only restricted mode enabled 6.6.2
- read-only restricted mode impact 6.6.1
- read-only restricted mode state during network failure 6.6.4.4
- read-only restricted mode state during primary server failure 6.6.4.2
- read-only restricted mode state during standby server failure 6.6.4.3
- read-only restricted mode states 6.6.4.1
- restoring primary-standby after 6.4
- reverse SSH tunnels 12.3.3
- standby server
  - configuring 6.2.2
- standby server role 6.1.5
- switching servers 6.3
- unpairing 6.5
primary-standby environments
- console certificates 16.2.5
primary-standby server
- moving to multi-master cluster 3.4.4.2
privileges 2.3.1
- See also: access control
- access control options 2.3.3
- access grants for virtual wallets 2.3.2
- RESTful services 13.2
provision command 13.6.3.6

Q

query command 13.7.6.5

R

re_enroll_all command 13.6.3.8
re_enroll command 13.6.3.7
read-only mode
- about 3.3.7
read-only nodes
- about 3.3.6
- creating 5.3.2
read-only restricted mode
- about 3.3.7
- disabling 6.6.6
- enabling 6.6.5
- failover, planned shutdown in standby server C.14.2.3, C.14.3.3
- failover, planned shutdown of primary server during upgrade C.14.2.1, C.14.3.1
- failover, planned shutodwn on primary server during maintenance C.14.2.2, C.14.3.2
- failover, unplanned shutdown in primary server C.14.2.4, C.14.3.4
- failover, unplanned shutdown in standby server C.14.2.5, C.14.3.5
- notifications 6.6.8
- primary-standby configuration, impact on 6.6.1
- primary-standby configuration without read-only restricted mode enabled 6.6.3
- primary-standby configuration with read-only restricted mode enabled 6.6.2
- recovering primary-standby 6.6.7
read-only restricted mode states
- network failure in primary-standby configuration 6.6.4.4
- primary server failure 6.6.4.2
- primary-standby configuration 6.6.4.1
- standby server failure 6.6.4.3
read-write mode
- about 3.3.7
read-write nodes
- about 3.3.5
read-write pair of nodes
- creating 5.3.1
read-write pairs of nodes
- creating additional 5.3.3
rebooting Oracle Key Vault for non-multi-master clusters 15.2.10
rebooting Oracle Key Vault nodes 15.3.1.8
recovery passphrase
- about recovering 15.4.1
- changing in clusters environment 15.4.4
- changing in non-clusters environment 15.4.3
- protecting the backup 14.4.5
- recovering credentials 15.4.2
reg_cert command 13.7.4.7
reg_key command 13.7.4.2
reg_opaque command 13.7.4.8
reg_secret command 13.7.4.9
rekey operation 1.3.2
remote backup destination
- about 14.2.1
remote backup destinations
- changing settings 14.2.3
- creating 14.2.2
- deleting 14.2.4
remotely monitoring using SNMP 17.1.1.5
remote monitoring
- about 17.1.1.1
- changing settings on standby server 17.1.1.4
- changing user name and password 17.1.1.3
- granting SNMP access to users 17.1.1.2
removing user from a user group 7.5.8
renaming a user group 7.5.6
reporting 1.5.3
reports
- about 17.4.1
- endpoint reports 17.4.2
- keys reports 17.4.4
- notification report 17.4.5
- system reports 17.4.5
- user reports 17.4.3
- wallets reports 17.4.4
restarting Oracle Key Vault for non-multi-master clusters 15.2.10
restarting Oracle Key Vault nodes 15.3.1.8
RESTful administrative commands
- add_epg_member 13.6.5.1
- add_wallet_access_ep 13.6.6.1
- add_wallet_access_epg 13.6.6.2
- check_object_status 13.6.6.3
- check_unique_wallet 13.6.6.4
- create_endpoint 13.6.3.1
- create_endpoint_group 13.6.5.2, 13.6.5.3
- create_unique_endpoint 13.6.3.2
- create_wallet 13.6.6.5
- delete_endpoint_group 13.6.5.4
- delete_unique_endpoint 13.6.3.3
- delete_wallet 13.6.6.6
- download 13.6.3.4
- drop_epg_member 13.6.5.5
- drop_wallet_access_ep 13.6.6.7
- drop_wallet_access_epg 13.6.6.8
- error reporting
  - about 13.6.7.1
  - while running commands from script 13.6.7.3
- error reporting at command line 13.6.7.2
- get_default_wallet 13.6.6.9
- get_enrollment_token 13.6.3.5
- get_object_name 13.6.6.10
- get_wallets 13.6.6.11
- help information 13.6.8
- modify_endpoint_desc 13.6.4.2
- modify_endpoint_email 13.6.4.1
- modify_endpoint_group_desc 13.6.5.6
- modify_endpoint_group_name 13.6.5.7
- modify_endpoint_name 13.6.4.3
- modify_endpoint_platform 13.6.4.4
- modify_endpoint_type 13.6.4.5
- modify_wallet_access_ep 13.6.6.12
- modify_wallet_access_epg 13.6.6.13
- modify_wallet_desc 13.6.6.14
- modify_wallet_name 13.6.6.15
- mset_default_wallet 13.6.6.16
- provision 13.6.3.6
RESTful APIs
- reports 17.4.5
RESTful key management commands
- about 13.7.1, 13.7.6.5
- activate 13.7.6.1
- add_attr 13.7.5.1
- add_custom_attr 13.7.5.2
- add_member 13.7.7.1
- all_attr 13.7.5.3
- commands listed 13.7.3
- create_key 13.7.4.1
- del_attr 13.7.5.4
- del_cust_attr 13.7.5.5
- del_member 13.7.7.2
- destroy 13.7.6.2
- get_attr 13.7.5.6
- get_cert 13.7.4.3
- get_key 13.7.4.4
- get_opaque 13.7.4.5
- get_secret 13.7.4.6
- list_attr 13.7.5.7
- list_wallet 13.7.7.3
- locate 13.7.6.3
- mod_attr 13.7.5.8
- mod_custom_attr 13.7.5.9
- privileges required 13.7.1
- reg_cert 13.7.4.7
- reg_key 13.7.4.2
- reg_opaque 13.7.4.8
- reg_secret 13.7.4.9
- revoke 13.7.6.4
- usage 13.7.2
RESTful services
- about 1.6.3, 13.1
- command syntax 13.6.2
  - administrative commands 13.6.1
- configuration file
  - about 13.4.1
  - creating 13.4.3
  - creation guidelines 13.4.2
  - example of creating automatic endpoint enrollment 13.4.7
  - examples 13.4.4
  - executing multiple commands in script 13.4.6
  - executing single command 13.4.5
- console certificates 16.2.5
- disabling 13.5
- disabling for non-multi-master clusters 15.2.7
- downloading software utility 13.3.4
- enabling for non-multi-master clusters 15.2.7
- enabling network services 13.3.2
- enabling RESTful services 13.3.3
- multi-master clusters, enablement 15.3.2.5
- multitenant environments 13.1
- Oracle Real Application Clusters 13.1
- privileges 13.2
- system requirements 13.3.1
RESTful Services
- commands
  - endpoint management 13.6.5
- enabling 13.3
restoring data
- about 14.5.1
- best practices 14.6
- multi-master clusters 14.5.3
- primary-standby deployment 14.5.4
- procedure 14.5.2
- system state after 14.5.6
- third-party certificates 14.5.5
revoke command 13.7.6.4
roles
- about 2.4.1
Roots of Trust (RoT) 1.5.16
root user
- about 2.6

S

search bars 4.8.2
searches
- how to perform searches in Oracle Key Vault management console 4.8
secret
- get_secret command 13.7.4.6
- reg_secret command 13.7.4.9
secure user management 7.3.4.1
security objects
- activating 8.4.3
- adding to virtual wallets 8.1.3
- deactivating 8.4.4
- deleting 8.4.6
- details of, about 8.5.1
- downloading to different types B.5
- modifying details of 8.5.4
- multi-master clusters, effect on 8.4.2
- removing from virtual wallets 8.1.4
- revoking 8.4.5
- searching for object items 8.5.2
- state of, managing 8.4.1
- viewing details of 8.5.3
- virtual wallets, creating for 8.1.2
self-enrollment, for endpoints 9.2.4.1
separation of duties 1.5.4
- how Oracle Key Vault manages 2.4.2
- users 7.1.1
SNMP
- about 17.1.1.1
- changing settings on standby server 17.1.1.4
- changing user name and password 17.1.1.3
- example of simplified remote monitoring 17.1.1.7
- granting access to user 17.1.1.2
- Management Information Base (MIB) variables 17.1.1.6
- remotely monitoring Oracle Key Vault 17.1.1.5
SNMP settings
- multi-master clusters 15.3.2.7
split-brain scenarios 6.1.1
sqlnet.ora file
- environment variables and 10.3.4
SSH key files
- downloading from Key Vault to a wallet B.5
SSH tunnels
- creating between Oracle Key Vault and DBaas instance 12.3.1
- deleting 12.3.7
- disabling 12.3.5
- multi-master clusters 12.3.5, 12.3.6, 12.3.7
- not active 12.3.6
- reverse SSH tunnel in multi-master cluster 12.3.2
- reverse SSH tunnel in primary-standby configuration 12.3.3
- viewing details 12.3.4
standby servers
- role in primary-standby configuration 6.1.5
support user
- about 2.6
swap space, extending 4.5.7
syslog
- configuring for non-multi-master clusters 15.2.6
syslog configuration
- audit records 17.3.2
- destination
  - clearing 17.1.3.2
  - setting 17.1.3.1
syslog settings
- multi-master cluster node 15.3.1.6
- multi-master clusters 15.3.2.6
System Administrator role
- about 2.4.3
- multi-master cluster effect on 7.1.2.1
system diagnostics
- See: diagnostic reports
system recovery 2.5, 15.4.1
system requirements 4.2.1
system time
- setting for non-multi-master clusters 15.2.3
system users
- multi-master cluster effect on 7.1.2.5

T

TDE direct connect
- See: online master keys
TDE-enabled databases
- about configuring Key Vault for 18.1.1
- configuring environment for 18.1.3
- integrating TDE with Key Vault 18.1.4
- limitations of TDE endpoint integration 18.1.2
TDE master encryption keys
- centralized management 1.3.2
TDE wallets
- Oracle GoldenGate 19.2.3
third-party certificates
- restoring data 14.5.5
time
- setting for non-multi-master clusters 15.2.3
time, setting for node 15.3.1.3
time settings
- multi-master clusters 15.3.2.2
Transparent Data Encryption 18.1.1
- See also: TDE-enabled databases
- downtime, minimizing for TDE heartbeat 15.7
- endpoint management 10.5
transportable tablespaces support for data moves 19.6
troubleshooting
- finding log files C.3
- upgrade errors C.7
- uploading Java keystores C.4
- uploading keystores with same file name but different contents C.6
- uploading the same Oracle wallet multiple times C.5
types of backups 14.3.2

U

V

viewing user account details 7.1.4
virtual wallets
- about 8.1.1
- access management from Keys and Wallets tab 8.2.1
- adding endpoint access to 9.4.1
- adding security objects to 8.1.3
- creating 8.1.2
- deleting 8.1.5
- endpoint group access grant 9.5.4
- granting access to from Keys & Wallets tab 8.2.2
- granting access to from Users tab 8.3.1
- granting user access to 7.2.3, 7.5.5
- granting user group access to from User's tab 8.3.3
- modifying from Keys & Wallets tab 8.2.3
- removing security objects from 8.1.4
- removing user access to from Users tab 8.3.2
- revoking endpoint access 9.4.2
- revoking user group access from 8.3.4

W

wallets
- add_member command 13.7.7.1
- add_wallet_access_ep command 13.6.6.1
- add_wallet_access_epg command 13.6.6.2
- check_object_status command 13.6.6.3
- checking TDE wallet migration for logical standby
  - about 19.3.7
- create_unique_wallet command 13.6.6.4
- create_wallet command 13.6.6.5
- del_member command 13.7.7.2
- delete_wallet command 13.6.6.6, 13.6.6.16
- downloading
  - guidance 18.4.4
  - procedure 18.4.3
- downloading from Key Vault to a wallet B.5
- drop_wallet_access_ep command 13.6.6.7
- endpoint group access grant 9.5.4
- endpoints, associating 9.3.1
- endpoints, viewing wallet items for 9.4.3
- get_default_wallet command 13.6.6.9
- get_wallets command 13.6.6.11
- key rotation guidance 18.4.4
- list_wallet command 13.7.7.3
- migrating existing TDE wallet to Key Vault
  - about 18.2.1
  - procedure 18.2.2
- migrating TDE to Key Vault for logical standby database
  - about 19.3.6
- migrating to Oracle Data Guard 19.3.4
- modify_wallet_access_ep command 13.6.6.12
- modify_wallet_access_epg command 13.6.6.8, 13.6.6.13
- modify_wallet_desc command 13.6.6.14
- modify_wallet_name command 13.6.6.15
- Oracle GoldenGate use with 19.2.1
- Oracle Real Application Clusters environment 19.1
- overwriting danger of 18.4.4
- reports 17.4.4
- restoring database contents previously encrypted by TDE
  - about 18.2.3
- reverse migrating in Oracle Data Guard
  - about 19.3.5
- setting default for endpoint 9.3.2
- sharing with multiple endpoints guidance 18.4.4
- uploading
  - guidance 18.4.4
  - procedure 18.4.2
- uploading contents to Key Vault server B.7
- uploading in Oracle Data Guard
  - about 19.3.1
  - procedure 19.3.2