Oracle Key Vault securely stores encryption keys, Oracle Wallets, Java KeyStores, SSH key pairs, and other secrets in a scalable, fault-tolerant cluster that supports the OASIS KMIP standard and deploys in Oracle Cloud Infrastructure (OCI), Microsoft Azure, Amazon AWS, and Google GCP as well as on-premises on dedicated hardware or virtual machines.
Oracle Key Vault (OKV) 21.10 introduces new capabilities and features that improve security, simplify operations, and increase the value you get from your investment in Key Vault:
We engineered Oracle Key Vault to deliver performant, fault-tolerant, and flexible encryption key management for Transparent Data Encryption (TDE), part of Oracle Advanced Security. Key Vault has been purpose-built to support all database deployment options, including Oracle Real Application Clusters (Oracle RAC), Oracle Data Guard, including Oracle Data Guard per pluggable database, globally distributed (sharded) databases, and Oracle Multitenant pluggable databases.
Key Vault scales to support highly consolidated workloads on engineered systems, such as Oracle Exadata, Exadata Database Service on Dedicated Infrastructure (ExaDB-D), Exadata Database Service in Azure (ExaDB-D@Azure), Exadata Database Service in AWS (ExaDB-D@AWS), and Exadata Database Service in Google Cloud Platform (ExaDB-D@GCP).
Oracle Key Vault has been fully integrated into the database provisioning workflow of the following:
Oracle Key Vault delivers consolidated control over remote SSH server access using public key authentication. Exercise complete key governance of public and private key pairs by generating and retaining them in the Key Vault. Reduce complexity and strengthen security by centrally storing and delivering passwords, tokens, SSH keys, Java KeyStores, certificates, wallets, and other secrets to authorized users and servers.
The impact of losing one of these secrets can be catastrophic. Key Vault mitigates that risk while maximizing availability, reducing management burden and deployment effort.
Continuously available multi-master cluster deployments support up to 16 fully replicated Key Vault nodes, each capable of read/write operations. Scale the cluster without downtime, support geographically distributed systems, and enable high levels of resource utilization with no idle standby servers. Clone cluster nodes from a Key Vault template, enabling node additions and removals with a few RESTful API calls.
Oracle Key Vault works seamlessly throughout the Oracle ecosystem, with support for Oracle Database, Oracle MySQL, Oracle Exadata, Oracle RAC, Oracle Data Guard, sharded databases, GoldenGate encrypted trail files, and Oracle ZFS Storage Appliance. Key Vault supports KMIP-compatible databases, such as MongoDB. Key Vault addresses the demanding performance requirements of a busy IT stack, providing secure, centralized storage and management of keys and secrets in a highly available key management cluster.
Key Vault is available in the Oracle Cloud Marketplace, with prebuilt images to get you started in just a few minutes. Key Vault clusters offer fault-tolerant, continuous key management services to on-premises and multicloud database deployments. Key Vault nodes work seamlessly across environments, including on-premises data centers, Oracle Cloud, Microsoft Azure, and Amazon AWS.
Key Vault provides RESTful APIs for cluster monitoring, database enrollment, and automation, allowing the management of large database deployments and reducing administration costs by eliminating the repetitive tasks of manual database registration. A refreshed management console with new dashboards and built-in reports allows administrators to quickly drill down into the various keys and secrets, along with the endpoints and their users.
Embrace a more secure alternative to using local wallets. Remove encryption keys from the database server and reduce the risk of compromise.
Leverage Oracle Key Manager to secure long-term retention backups stored in Oracle Cloud using the ZDLRA archive to cloud solution.
Key Vault offers online key management for encrypted trail files, independent of the database vendor, protecting data throughout the entire replication process.
Key Vault supports key storage and distribution for Oracle Automatic Storage Management Cluster File System.
Manage keys for Transparent Data Encryption to accelerate compliance with regulations such as GDPR, CCPA, PCI-DSS, HIPAA, and more.
Review the Oracle Key Vault documentation. Topics include installation, upgrading, clustering, integration with HSMs, maintenance and management, and much more.
AskTOM Office Hours offers free, open Q&A sessions with Oracle Database experts who are eager to help you fully leverage the multitude of enterprise-strength database security tools available to your organization.
This workshop introduces Key Vault’s features, explains how to set up the environment, and walks attendees through the process for generating SSH keys. Run this workshop on your own tenancy or reserve a time to run the workshop on LiveLabs, free of charge.
Peter Wahl, Senior Principal Product Manager, Oracle Key Vault and Oracle Transparent Data Encryption
Oracle Key Vault provides highly available, scalable, centralized key and secrets management for Oracle Database, MySQL, MongoDB, GoldenGate, the Zero Data Loss Recovery Appliance (ZDLRA), ZFS Storage Appliance, and custom applications. Oracle Key Vault can be deployed in Oracle Cloud Infrastructure (OCI), Microsoft Azure, and Amazon AWS, as well as on-premises on dedicated hardware or as virtual machines. This release of Oracle Key Vault 21.8 includes a number of essential security and stability improvements along with several functional improvements.
Download the Key Vault software appliance from the Oracle Cloud Marketplace to start using the scalable, highly-available key management system.
Learn how to set up the environment and generate SSH keys. Run the workshop on your own tenancy or reserve a time to run the workshop on LiveLabs, free of charge.
Quickly identify your database security posture and get recommendations to mitigate risks.
Talk to a team member about Oracle database security.