Oracle Key Vault enables customers to easily deploy encryption and other security solutions by offering robust, central management of encryption keys, Oracle Wallets, Java Keystores, and credential files.
Hybrid Cloud Key Management Support: On-premises Oracle Key Vault supports hybrid cloud key management by managing Oracle Advanced Security TDE master encryption keys for Oracle Database Cloud Service (DBCS) in addition to managing TDE master encryption keys for on-premises Oracle databases. Hybrid cloud key management enables customers to maintain control and visibility of master encryption keys used in Oracle Cloud as well as for on-premises Oracle databases.
HSM Integration: On-premises Key Vault can be integrated with an on-premises HSM as a “root-of-trust” for the key hierarchy that protects encrypted data stored in Key Vault. This root-of-trust is generated within the HSM and never leaves the HSM. Integration with an on-premises HSM is supported only on a new installation of Key Vault 18.104.22.168.
Oracle Key Vault enables customers to quickly deploy encryption and other security solutions by centrally managing encryption keys, Oracle Wallets, Java Keystores, and credential files. It is optimized for managing Oracle Advanced Security Transparent Data Encryption (TDE) master keys. The full-stack, security-hardened software appliance uses Oracle Linux and Oracle Database technology for security, availability, and scalability.
Oracle Wallets and Java Keystores are often widely distributed across servers and server clusters, with backup and distribution of these files performed manually. Oracle Key Vault itemizes and stores the contents of these files in a master repository while allowing server endpoints to continue operating disconnected from Key Vault using their local copies.
For Oracle Databases using Transparent Data Encryption (TDE), Oracle Key Vault centrally manages TDE master keys over a direct network connection as an alternative to using local wallet files.
Credential files containing SSH keys, Kerberos keytabs, and similar keys are also widely distributed without appropriate protective mechanisms. Oracle Key Vault backs up credential files for long-term retention and recovery.
A browser-based management console makes it easy to administer Oracle Key Vault, provision server endpoints, securely manage key groups, and report on access to keys.
Oracle Key Vault is packaged as an ISO image and is delivered as a pre-configured, security-hardened software appliance. The appliance is easy to install and configure and can be deployed on certified x86-64 hardware.