Table of Contents
- Title and Copyright Information
- Preface
-
Changes in This Release for Oracle Key Vault
-
Changes for Oracle Key Vault
Release 21.7
- Controlling Access to SSH Servers Centrally with Oracle Key Vault
- Improved SSH User Keys Management
- RESTful Services Utility Changes to Support SSH Keys Management
- Support Key Creation from Oracle Key Vault Management Console
- Support for Node or Cluster Scope for Alerts in Multi-Master Cluster
- Setting the Initial Password for the support and root User
-
Changes for Oracle Key Vault
Release 21.6
- Ability to Restrict the Extraction of Private Encryption Keys from Oracle Key Vault
- Ability to Create Asymmetric Key Pairs in Oracle Key Vault
- Ability to Clone an Oracle Key Vault VM
- Support the Ability to Provide an Alternate Host Name or an IP Address
- Support SAMLv2 Based Single Sign-On (SSO) Authentication for Oracle Key Vault
- Support for Unified Application-Level Tracing and Simplified Diagnostics Collection
- Aborting Oracle Audit Vault Integration with Oracle Key Vault
- Event ID Support in Auditing Records
- Support for Disk and Network I/O and Application Metrics in Oracle Key Vault Metrics Framework
- Support for Sign and Signature Verify Operations
- Oracle Key Vault Deployments in Microsoft Azure and Amazon AWS
- Endpoint IP Address Attribute Added to endpoint get RESTful Command
- Sign and Signature Verify APIs
- Improved Audit Record Messages
-
Changes for Oracle Key Vault
Release 21.5
- Support for SSH Public Key Authentication using SSH User Keys from Oracle Key Vault
- Automatic Purging of Audit Records Based on a Retention Policy
- Ability to Rotate Endpoint Certificates
- Endpoint and Endpoint Group Privileges Support for LDAP Users
- User Account Management
- Severity based Alert Categorization
- Displaying Endpoint Group Membership Column in Endpoint Metadata Report
- Ability to Determine Time of Last Endpoint Activity

- UEFI Support for OCI marketplace Image
- Separate Alerts for CA Certificate Expiration and Server/Node Certificate Expiration
-
Changes for Oracle Key Vault Release 21.4
- Ability to Control the Extraction of Symmetric Encryption Keys from Oracle Key Vault
- Enhancements to Certificate Management
- Support for Policy Based Automatic Purging of Old Oracle Key Vault Backups
- Ability to Restrict Oracle Key Vault Administrative Role Grants
- Client IP Address in the Oracle Key Vault Audit Trail
- Support for Additional Monitoring Information Through SNMP
- Changes for Oracle Key Vault Release 21.3
-
Changes for Oracle Key Vault
Release 21.7
- Deprecated Features Oracle Key Vault 21.5
-
1
Introduction to Oracle Key Vault
- 1.1 About Key and Secrets Management in Oracle Key Vault
- 1.2 Benefits of Using Oracle Key Vault
- 1.3 Oracle Key Vault Use Cases
- 1.4 Who Should Use Oracle Key Vault
-
1.5
Major Features of Oracle Key Vault
- 1.5.1 Centralized Storage and Management of Security Objects
- 1.5.2 Management of the Key Lifecycle
- 1.5.3 Reporting and Alerts
- 1.5.4 Separation of Duties for Oracle Key Vault Users
- 1.5.5 Persistent Master Encryption Key Cache
- 1.5.6 Backup and Restore Functionality for Security Objects
- 1.5.7 Management of Oracle Key Vault Using RESTful Services Utility
- 1.5.8 Support for OASIS Key Management Interoperability Protocol (KMIP)
- 1.5.9 Database Release and Platform Support
- 1.5.10 Integration with External Audit and Monitoring Services
- 1.5.11 Integration of MySQL with Oracle Key Vault
- 1.5.12 Oracle Advanced Cluster File System Encryption
- 1.5.13 Support for Cloud-Based Oracle Database Deployments
- 1.5.14 Oracle Key Vault Hardware Security Module Integration
- 1.6 Oracle Key Vault Interfaces
- 1.7 Overview of an Oracle Key Vault Deployment
-
2
Oracle Key Vault Concepts
- 2.1 Overview of Oracle Key Vault Concepts
- 2.2 Oracle Key Vault Deployment Architecture
- 2.3 Access Control Configuration
- 2.4 Administrative Roles and Endpoint Privileges within Oracle Key Vault
- 2.5 Naming Guidelines for Objects
- 2.6 Emergency System Recovery Process
- 2.7 Root and Support User Accounts
- 2.8 Endpoint Administrators
- 2.9 FIPS Mode
-
3
Oracle Key Vault Multi-Master Cluster Concepts
- 3.1 Oracle Key Vault Multi-Master Cluster Overview
- 3.2 Benefits of Oracle Key Vault Multi-Master Clustering
-
3.3
Multi-Master Cluster Architecture
- 3.3.1 Oracle Key Vault Cluster Nodes
- 3.3.2 Cluster Node Limitations
- 3.3.3 Cluster Subgroups
- 3.3.4 Critical Data in Oracle Key Vault
- 3.3.5 Oracle Key Vault Read/Write Nodes
- 3.3.6 Oracle Key Vault Read-Only Nodes
- 3.3.7 Cluster Node Mode Types
- 3.3.8 Operations Permitted on Cluster Nodes in Different Modes
- 3.4 Building and Managing a Multi-Master Cluster
- 3.5 Oracle Key Vault Multi-Master Cluster Deployment Scenarios
- 3.6 Multi-Master Cluster Features
- 3.7 Cluster Management Information
-
4
Managing Oracle Key Vault Multi-Master Clusters
- 4.1 About Managing Oracle Key Vault Multi-Master Clusters
- 4.2 Setting Up a Cluster
- 4.3 Terminating the Pairing of a Node
- 4.4 Disabling a Cluster Node
- 4.5 Enabling a Disabled Cluster Node
- 4.6 Deleting a Cluster Node
- 4.7 Force Deleting a Cluster Node
- 4.8 Managing Replication Between Nodes
- 4.9 Cluster Management Information
- 4.10 Cluster Monitoring Information
- 4.11 Naming Conflicts and Resolution
- 4.12 Multi-Master Cluster Deployment Recommendations
- 4.13 Adding Alternate Name or IP address
-
5
Managing an Oracle Key Vault Primary-Standby Configuration
-
5.1
Overview of the Oracle Key Vault Primary-Standby Configuration
- 5.1.1 About the Oracle Key Vault Primary-Standby Configuration
- 5.1.2 Benefits of an Oracle Key Vault Primary-Standby Configuration
- 5.1.3 Difference Between Primary-Standby Configuration and Multi-Master Cluster
- 5.1.4 Primary Server Role in a Primary-Standby Configuration
- 5.1.5 Standby Server Role in a Primary-Standby Configuration
- 5.2 Configuring the Primary-Standby Environment
- 5.3 Switching the Primary and Standby Servers
- 5.4 Restoring Primary-Standby After a Failover
- 5.5 Disabling (Unpairing) the Primary-Standby Configuration
-
5.6
Read-Only Restricted Mode in a Primary-Standby Configuration
- 5.6.1 About Read-Only Restricted Mode in a Primary-Standby Configuration
- 5.6.2 Primary-Standby with Read-Only Restricted Mode
- 5.6.3 Primary-Standby without Read-Only Restricted Mode
- 5.6.4 States of Read-Only Restricted Mode
- 5.6.5 Enabling Read-Only Restricted Mode
- 5.6.6 Disabling Read-Only Restricted Mode
- 5.6.7 Recovering from Read-Only Restricted Mode
- 5.6.8 Read-Only Restricted Mode Notifications
- 5.7 Best Practices for Using Oracle Key Vault in a Primary-Standby Configuration
-
5.1
Overview of the Oracle Key Vault Primary-Standby Configuration
-
6
Deploying Oracle Key Vault on an Oracle Cloud Infrastructure VM Compute Instance
- 6.1 About Deploying Oracle Key Vault on an Oracle Cloud Infrastructure Compute Instance
- 6.2 Benefits of Using Oracle Key Vault in Oracle Cloud Infrastructure
- 6.3 Provisioning an Oracle Key Vault Compute Instance
- 6.4 General Management of an Oracle Key Vault Compute Instance
- 6.5 Migrating Oracle Key Vault Deployments Between On-Premises and OCI
- 6.6 Creating Oracle Key Vault Image in Azure
- 6.7 Creating Oracle Key Vault Image in Amazon AWS
-
7
Oracle Database Instances in Oracle Cloud Infrastructure
- 7.1 About Managing Oracle Cloud Infrastructure Database Instance Endpoints
- 7.2 Preparing a Database Instance on OCI to be an Oracle Key Vault Endpoint
-
7.3
Using an SSH Tunnel Between Oracle Key Vault and Database as a Service
- 7.3.1 Creating an SSH Tunnel Between Oracle Key Vault and a DBaaS Instance
- 7.3.2 Managing a Reverse SSH Tunnel in a Multi-Master Cluster
- 7.3.3 Managing a Reverse SSH Tunnel in a Primary-Standby Configuration
- 7.3.4 Viewing SSH Tunnel Configuration Details
- 7.3.5 Disabling an SSH Tunnel Connection
- 7.3.6 How the Connection Works if the SSH Tunnel Is Not Active
- 7.3.7 Deleting an SSH Tunnel Configuration
-
7.4
Registering and Enrolling a Database as a Service Instance as an Oracle Key Vault Endpoint
- 7.4.1 About Registering and Enrolling a Database as a Service Instance as an Oracle Key Vault Endpoint
- 7.4.2 Step 1: Register the Endpoint in the Oracle Key Vault Management Console
- 7.4.3 Step 2: Prepare the Endpoint Environment
- 7.4.4 Step 3: Install the Oracle Key Vault Software onto the Endpoint for Registration and Enrollment
- 7.4.5 Step 4: Perform Post-Installation Tasks
- 7.5 Suspending Database Cloud Service Access to Oracle Key Vault
- 7.6 Resuming Database Cloud Service Access to Oracle Key Vault
- 7.7 Resuming a Database Endpoint Configured with a Password-Based Keystore
-
8
Configuring Single Sign-On in
Oracle Key Vault
- 8.1 About Single Sign-On Authentication in Oracle Key Vault
- 8.2 Configuring SAML Single Sign-On (SSO) Authentication
- 8.3 Managing Single Sign-On in Oracle Key Vault
- 8.4 Configuring Single Sign-On for Oracle Key Vault and Azure Active Directory
- 8.5 Configuring Single Sign-On for Oracle Key Vault and ADFS
- 8.6 Guidelines for Managing Single Sign-On Configuration
-
9
Managing LDAP User Authentication and Authorization in Oracle Key Vault
- 9.1 About Managing LDAP User Authentication and Authorization in Oracle Key Vault
- 9.2 Considerations for Granting Privileges to LDAP Users
- 9.3 Configuring the LDAP Directory Server Connection to Oracle Key Vault
- 9.4 Logins to Oracle Key Vault as an LDAP User
- 9.5 Managing the LDAP Configuration
- 9.6 Managing LDAP Groups
- 9.7 Managing Oracle Key Vault-Generated LDAP Users
-
10
Managing Oracle Key Vault Users
-
10.1
Managing User Accounts
- 10.1.1 About Oracle Key Vault User Accounts
- 10.1.2 User Account Profile Parameters
-
10.1.3
How a Multi-Master Cluster Affects User Accounts
- 10.1.3.1 Multi-Master Cluster Effect on User Account Profile Parameters
- 10.1.3.2 Multi-Master Cluster Effect on System Administrator Users
- 10.1.3.3 Multi-Master Cluster Effect on Key Administrator Users
- 10.1.3.4 Multi-Master Cluster Effect on Audit Manager Users
- 10.1.3.5 Multi-Master Cluster Effect on Administration Users
- 10.1.3.6 Multi-Master Cluster Effect on System Users
- 10.1.4 Creating an Oracle Key Vault User Account
- 10.1.5 Viewing User Account Details
- 10.1.6 Deleting an Oracle Key Vault User Account
-
10.2
Managing Administrative Roles and User Privileges
- 10.2.1 About Managing Administrative Roles and User Privileges
- 10.2.2 Granting or Changing an Administrative Role of a User
- 10.2.3 Granting the Create Endpoint Privilege
- 10.2.4 Granting the Manage Endpoint Privilege
- 10.2.5 Granting the Create Endpoint Group Privilege
- 10.2.6 Granting the Manage Endpoint Group Privilege
- 10.2.7 Revoking an Administrative Role or Endpoint Privilege from a User
- 10.2.8 Granting a User Access to a Virtual Wallet
- 10.3 Managing User Passwords
- 10.4 Managing User Email
-
10.5
Managing User Groups
- 10.5.1 About Managing User Groups
- 10.5.2 How a Multi-Master Cluster Affects User Groups
- 10.5.3 Creating a User Group
- 10.5.4 Adding a User to a User Group
- 10.5.5 Granting a User Group Access to a Virtual Wallet
- 10.5.6 Renaming a User Group
- 10.5.7 Changing a User Group Description
- 10.5.8 Removing a User from a User Group
- 10.5.9 Deleting a User Group
- 10.6 Managing support and root Password
-
10.1
Managing User Accounts
-
11
Managing Oracle Key Vault Virtual Wallets and Security Objects
- 11.1 Managing Virtual Wallets
- 11.2 Managing Access to Virtual Wallets from Keys & Wallets Tab
- 11.3 Managing Access to Virtual Wallets from User’s Menu
- 11.4 Managing Security Objects
-
11.5
Managing the State of a Key or a Security Object
- 11.5.1 About Managing the State of a Key or a Security Object
- 11.5.2 How a Multi-Master Cluster Affects Keys and Security Objects
- 11.5.3 Activating a Key or Security Object
- 11.5.4 Deactivating a Key or Security Object
- 11.5.5 Revoking a Key or Security Object
- 11.5.6 Destroying a Key or Security Object
- 11.6 Managing the Extraction of Symmetric or Private Keys from Oracle Key Vault
- 11.7 Managing Details of Security Objects
-
12
Managing Oracle Key Vault Master Encryption Keys
-
12.1
Using the Persistent Master Encryption Key Cache
- 12.1.1 About the Persistent Master Encryption Key Cache
- 12.1.2 About Oracle Key Vault Persistent Master Encryption Key Cache Architecture
- 12.1.3 Caching Master Encryption Keys in the In-Memory and Persistent Master Encryption Key Cache
- 12.1.4 Storage Location of Persistent Master Encryption Key Cache
- 12.1.5 Persistent Master Encryption Key Cache Modes of Operation
- 12.1.6 Persistent Master Encryption Key Cache Refresh Window
-
12.1.7
Persistent Master Encryption Key Cache Parameters
- 12.1.7.1 PKCS11_CACHE_TIMEOUT Parameter
- 12.1.7.2 PKCS11_PERSISTENT_CACHE_TIMEOUT Parameter
- 12.1.7.3 PKCS11_PERSISTENT_CACHE_FIRST Parameter
- 12.1.7.4 PKCS11_CONFIG_PARAM_REFRESH_INTERVAL Parameter
- 12.1.7.5 PKCS11_PERSISTENT_CACHE_REFRESH_WINDOW Parameter
- 12.1.7.6 EXPIRE PKCS11 PERSISTENT CACHE ON DATABASE SHUTDOWN Parameter
- 12.1.8 Listing the Contents of the Persistent Master Key Cache
- 12.1.9 Oracle Database Deployments and Persistent Master Encryption Key Cache
- 12.2 Configuring an Oracle Key Vault to a New TDE-Enabled Database Connection
- 12.3 Migrating Existing TDE Wallets to Oracle Key Vault
- 12.4 Uploading and Downloading Oracle Wallets
- 12.5 Uploading and Downloading JKS and JCEKS Keystores
- 12.6 Using a User-Defined Key as the TDE Master Encryption Key
-
12.1
Using the Persistent Master Encryption Key Cache
-
13
Managing Oracle Key Vault Endpoints
- 13.1 Overview of Managing Endpoints
- 13.2 Managing Endpoints
- 13.3 Managing Endpoint Details
- 13.4 Managing Global and Per-Endpoint Configuration Parameters and Settings
- 13.5 Default Wallets and Endpoints
- 13.6 Managing Endpoint Access to a Virtual Wallet
-
13.7
Managing Endpoint Groups
- 13.7.1 How a Multi-Master Cluster Affects Endpoint Groups
- 13.7.2 Creating an Endpoint Group
- 13.7.3 Modifying Endpoint Group Details
- 13.7.4 Granting an Endpoint Group Access to a Virtual Wallet
- 13.7.5 Adding an Endpoint to an Endpoint Group
- 13.7.6 Removing an Endpoint from an Endpoint Group
- 13.7.7 Deleting Endpoint Groups
-
14
Enrolling and Upgrading Endpoints for Oracle Key Vault
- 14.1 About Endpoint Enrollment and Provisioning
- 14.2 Finalizing Enrollment and Provisioning
- 14.3 Environment Variables and Endpoint Provisioning Guidance
- 14.4 Endpoints That Do Not Use the Oracle Key Vault Client Software
- 14.5 Transparent Data Encryption Endpoint Management
- 14.6 Endpoint okvclient.ora Configuration File
- 14.7 okvclient.ora Parameters That Must Not Be Modified
- 14.8 Upgrading Endpoint Software
-
15
Managing Keys for Oracle Products
- 15.1 Using a TDE-Configured Oracle Database in an Oracle RAC Environment
- 15.2 Using a TDE-Configured Oracle Database in an Oracle GoldenGate Environment
-
15.3
Using a TDE-Configured Oracle Database in an Oracle Data Guard Environment
- 15.3.1 About Uploading Oracle Wallets in an Oracle Data Guard Environment
- 15.3.2 Uploading Oracle Wallets in an Oracle Data Guard Environment
- 15.3.3 Performing an Online Master Encryption Key Connection in an Oracle Data Guard Environment
- 15.3.4 Migrating Oracle Wallets in an Oracle Data Guard Environment
- 15.3.5 Reverse Migrating Oracle Wallets in an Oracle Data Guard Environment
- 15.3.6 Migrating an Oracle TDE Wallet to Oracle Key Vault for a Logical Standby Database
- 15.3.7 Checking the Oracle TDE Wallet Migration for a Logical Standby Database
- 15.4 Uploading Keystores from Automatic Storage Management to Oracle Key Vault
- 15.5 MySQL Integration with Oracle Key Vault
- 15.6 Other Oracle Database Features That Oracle Key Vault Supports
-
16
SSH Keys Management
Concepts
- 16.1 SSH Protocol
- 16.2 SSH Public Key Authentication
- 16.3 OpenSSH - An Implementation of the SSH Protocol
- 16.4 Challenges with SSH Public Key Authentication
- 16.5 Controlling Access to SSH Server Centrally with Oracle Key Vault
- 16.6 Managing SSH User Keys with Oracle Key Vault
- 16.7 Oracle Key Vault and SSH Integration
- 16.8 Supported Platforms for SSH Server and Client Endpoints
- 17 Management of SSH Keys - Setup and Configuration
-
18
Managing Online and Offline Secrets
- 18.1 Uploading and Downloading Credential Files
- 18.2 Managing Secrets and Credentials for SQL*Plus
- 18.3 Managing Secrets and Credentials for SSH
- 18.4 Integrating Oracle Key Vault with SSH Public Key Authentication
-
18.5
Centrally Managing Passwords in Oracle Key Vault
- 18.5.1 About Centrally Managing Passwords in Oracle Key Vault
- 18.5.2 Creating and Sharing Centrally Managed Passwords
- 18.5.3 Example: Script for Using External Keystore Passwords in SQL*Plus Operations
- 18.5.4 Sharing Secrets with Other Databases
- 18.5.5 Changing Passwords for a Large Database Deployment
-
19
Oracle Key Vault General System Administration
- 19.1 Overview of Oracle Key Vault General System Administration
-
19.2
Configuring Oracle Key Vault in a Non-Multi-Master Cluster Environment
- 19.2.1 Configuring the Network Details
- 19.2.2 Configuring Network Access
- 19.2.3 Configuring DNS
- 19.2.4 Configuring the System Time
- 19.2.5 Configuring FIPS Mode
- 19.2.6 Configuring Syslog
- 19.2.7 Changing the Network Interface Mode
- 19.2.8 Configuring RESTful Services Utility
- 19.2.9 Checking the Oracle Audit Vault Integration Status
- 19.2.10 Configuring the Oracle Key Vault Management Console Web Session Timeout
- 19.2.11 Restarting or Powering Off Oracle Key Vault
-
19.3
Configuring Oracle Key Vault in a Multi-Master Cluster Environment
- 19.3.1 About Configuring Oracle Key Vault in a Multi-Master Cluster Environment
-
19.3.2
Configuring System Settings for Individual Multi-Master Cluster Nodes
- 19.3.2.1 Configuring the Network Details for the Node
- 19.3.2.2 Configuring Network Access for the Node
- 19.3.2.3 Configuring DNS for the Node
- 19.3.2.4 Configuring the System Time for the Node
- 19.3.2.5 Configuring the FIPS Mode for the Node
- 19.3.2.6 Configuring Syslog for the Node
- 19.3.2.7 Changing the Network Interface Mode for the Node
- 19.3.2.8 Configuring Auditing for the Node
- 19.3.2.9 Configuring SNMP Settings for the Node
- 19.3.2.10 Checking the Oracle Audit Vault Integration for the Node
- 19.3.2.11 Restarting or Powering Off Oracle Key Vault from a Node
-
19.3.3
Managing Oracle Key Vault Multi-Master Clusters
- 19.3.3.1 Configuring the System Time for the Cluster
- 19.3.3.2 Configuring DNS for the Cluster
- 19.3.3.3 Configuring the Maximum Disable Node Duration for the Cluster
- 19.3.3.4 Configuring Syslog for the Cluster
- 19.3.3.5 Configuring RESTful Services for the Cluster
- 19.3.3.6 Configuring Auditing for the Cluster
- 19.3.3.7 Configuring SNMP Settings for the Cluster
- 19.3.3.8 Configuring the Oracle Key Vault Management Console Web Session Timeout for the Cluster
- 19.4 Managing System Recovery
- 19.5 Support for a Primary-Standby Environment
-
19.6
Commercial National Security Algorithm Suite Support
- 19.6.1 About Commercial National Security Algorithm Suite Support
- 19.6.2 Running the Commercial National Security Algorithm Scripts
- 19.6.3 Performing Backup Restore Operations with CNSA
- 19.6.4 Upgrading a Standalone Oracle Key Vault Server with CNSA
- 19.6.5 Upgrading Primary-Standby Oracle Key Vault Servers to Use CNSA
- 19.7 Minimizing Downtime
-
20
Managing Service
Certificates
- 20.1 Overview of Oracle Key Vault Certificates
- 20.2 Certificates Validity Period
-
20.3
Monitoring Certificates
Expiry
- 20.3.1 Monitoring Certificates Expiry Using Certificate Expiration Alerts
- 20.3.2 Finding the Expiration Date of Endpoint Certificates
- 20.3.3 CA Certificate Expiration Date on Status Page
- 20.3.4 Server and Node Certificate Expiration on Status Page
- 20.3.5 Finding the Expiration Date of the CA Certificate
- 20.3.6 Finding the Expiration Date of Server Certificates and Node Certificates
-
20.4
Managing CA Certificate
Rotation
- 20.4.1 Steps for Managing CA Certificate Rotation
- 20.4.2 Checking for Self-Signed Root CA or Intermediate CA Certificate
- 20.4.3 Setting the Validity of Self-Signed Root CA Certificate
- 20.4.4 Setting Up the Intermediate CA Certificate
- 20.4.5 Rotating CA Certificate
- 20.4.6 Setting the Endpoint Certificate Rotation Batch Size
- 20.4.7 Setting the Endpoint Certificate Rotation Sequence
- 20.4.8 Checking Overall Certificate Rotation Status
- 20.4.9 Checking Certificate Rotation Status for Endpoints
- 20.4.10 Post-CA Certificate Rotation Tasks
- 20.4.11 Factors Affecting CA Certificate Rotation Process
- 20.4.12 Guidelines for Managing CA Certificate Rotations
- 20.5 Managing Server Certificates and Node Certificates Rotation
- 20.6 Managing the Oracle Key Vault CA Certificate After Expiry
- 21 Managing Console Certificates
-
22
Backup and Restore Operations
- 22.1 About Backing Up and Restoring Data in Oracle Key Vault
- 22.2 Oracle Key Vault Backup Destinations
- 22.3 Scheduled Backups and States
-
22.4
Scheduling and Managing Oracle Key Vault Backups
- 22.4.1 Scheduling a Backup for Oracle Key Vault
- 22.4.2 Changing a Backup Schedule for Oracle Key Vault
- 22.4.3 Deleting a Backup Schedule from Oracle Key Vault
- 22.4.4 How Primary-Standby Affects Oracle Key Vault Backups
- 22.4.5 How Using a Cluster Affects Oracle Key Vault Backups
- 22.4.6 Protecting the Backup Using the Recovery Passphrase
-
22.5
Restoring Oracle Key Vault Data
- 22.5.1 About the Oracle Key Vault Restore Process
- 22.5.2 Procedure for Restoring Oracle Key Vault Data
- 22.5.3 Multi-Master Cluster and the Restore Operation
- 22.5.4 Primary-Standby and the Restore Operation
- 22.5.5 Certificates and the Restore Operation
- 22.5.6 Changes Resulting from a System State Restore
-
22.6
Scheduling the Purging of Old Oracle Key Vault Backups
- 22.6.1 About Scheduling the Purging of Old Oracle Key Vault Backups
- 22.6.2 Creating a Backup Destination Policy
- 22.6.3 Adding a Backup Destination Policy to a Remote Backup Destination
- 22.6.4 Changing a Backup Destination Policy
- 22.6.5 Suspending a Backup Destination Policy
- 22.6.6 Resuming a Suspended Backup Destination Policy
- 22.6.7 Deleting a Backup Destination Policy
- 22.6.8 Finding Information about Backup Destination Policies
- 22.7 Manually Deleting a Local Oracle Key Vault Backup
-
22.8
Configuring Oracle ZFS Storage Appliance to Store Oracle Key Vault Backups
- 22.8.1 Step 1: Create a Storage Project in Oracle ZFS Storage Appliance
- 22.8.2 Step 2: Copy the Oracle Key Vault Public Key to the Oracle ZFS Storage Appliance
- 22.8.3 Step 3: Complete Creating the Oracle ZFS Storage Appliance Project
- 22.8.4 Step 4: Configure Oracle Key Vault to Connect to the Oracle ZFS Storage Appliance Project
- 22.9 Backup and Restore Best Practices
-
23
Monitoring and Auditing Oracle Key Vault
-
23.1
Managing System Monitoring
-
23.1.1
Configuring Remote Monitoring to Use SNMP
- 23.1.1.1 About Using SNMP for Oracle Key Vault
- 23.1.1.2 Granting SNMP Access to Users
- 23.1.1.3 Changing the SNMP User Name and Password
- 23.1.1.4 Changing SNMP Settings on the Standby Server
- 23.1.1.5 Remotely Monitoring Oracle Key Vault Using SNMP
- 23.1.1.6 SNMP Management Information Base Variables for Oracle Key Vault
- 23.1.1.7 Example: Simplified Remote Monitoring of Oracle Key Vault Using SNMP
- 23.1.2 Configuring Email Notification
- 23.1.3 Configuring the Syslog Destination for Individual Multi-Master Cluster Nodes
- 23.1.4 Capturing System Diagnostics
- 23.1.5 Monitoring System Metrics
-
23.1.1
Configuring Remote Monitoring to Use SNMP
- 23.2 Configuring Oracle Key Vault Alerts
-
23.3
Managing System Auditing
- 23.3.1 About Auditing in Oracle Key Vault
- 23.3.2 Oracle Key Vault Audit Trail
- 23.3.3 Viewing Audit Records
- 23.3.4 Exporting and Deleting Audit Records Manually
- 23.3.5 Deleting Audit Records Automatically
-
23.3.6
Configuring Oracle Key Vault with Oracle Audit Vault
- 23.3.6.1 Integrating Oracle Audit Vault with Oracle Key Vault
- 23.3.6.2 Viewing Oracle Key Vault Audit Data Collected by Oracle Audit Vault
- 23.3.6.3 Suspending an Oracle Audit Vault Monitoring Operation
- 23.3.6.4 Resuming an Oracle Audit Vault Monitoring Operation
- 23.3.6.5 Deleting an Oracle Audit Vault Integration
- 23.3.6.6 Guidance for Integrating Oracle Audit Vault in a Multi-Master Cluster or Primary-Standby Environment
- 23.4 Using Oracle Key Vault Reports
-
23.1
Managing System Monitoring
- A Oracle Key Vault Multi-Master Cluster Operations
- B Oracle Key Vault okvutil Endpoint Utility Reference
-
C
Troubleshooting Oracle Key Vault
- C.1 Before You Start Troubleshooting
- C.2 Common Oracle Key Vault Tasks
-
C.3
okvutil and Endpoint
Issues
- C.3.1 Database Wallet Status Not Open or Not Found, TDE HEARTBEAT Check Failed
- C.3.2 Oracle Key Vault Server Communication or Connection Failed Error
- C.3.3 Could Not Store Private Key Errors on Wallet Upload
- C.3.4 RESTful Services Endpoint Provisioning Command Failure
- C.3.5 Uploading Certificate File Failure
- C.3.6 Error in Uploading the Java Keystore
- C.3.7 SSL layer Error while migrating MYSQL Database Keys to Oracle Key Vault
- C.3.8 Rotation or Set Key Failure in Windows Environment
- C.3.9 Rotation or Set Key Fails with ORA-03113
- C.4 Multi-Master Cluster Issues
- C.5 Backup and Restore Issues
- C.6 Certificate Related Issues
-
C.7
Installation and Upgrade
Issues
- C.7.1 Oracle Key Vault Installation Failure
- C.7.2 Oracle Key Vault Upgrade Failure
- C.7.3 Oracle Key Vault Management Console is Not Accessible After Installation
- C.7.4 Oracle Key Vault Upgrade Failure
- C.7.5 Unable to boot after installation of Oracle Key Vault on VMWare VM
- C.7.6 Operation Failed on Network Information Screen After Upgrade from 21.x to 21.5 and Later.
- C.8 Primary-Standby Configuration Issues
- C.9 DBCS Endpoint Configuration Issues
- C.10 Server and Node Issues
- D Security Technical Implementation Guides Compliance Standards
- Glossary
- Index