Oracle Key Vault

Secure key storage, management, and distribution

Oracle Key Vault is specifically engineered to deliver high performant, fault-tolerant, and flexible encryption key management for transparent data encryption (TDE) as part of the Oracle Advanced Security option. It works with advanced database architectures, such as Oracle Real Application Clusters (Oracle RAC), Oracle Data Guard, sharded databases, RMAN backups, and Oracle Multitenant pluggable databases, and scales to support highly consolidated workloads on engineered systems, such as Oracle Exadata, Exadata Cloud@Customer as well as Autonomous Database Cloud@Customer.

Oracle Key Vault 21.5 introduces non-extractable TDE master keys

Centralized secrets storage and distribution

Reduce complexity and strengthen security by centrally storing and delivering passwords, tokens, SSH keys, Java KeyStores, certificates, wallets, and other secrets to authorized users and servers. Key Vault works with other systems that support the KMIP protocol and includes C and Java SDKs for custom integration. The impact of losing one of these secrets can be catastrophic. Key Vault mitigates that risk while maximizing availability, reducing management burden and deployment effort.

Scale without downtime

High-availability cluster deployment supports up to 16 fully replicated Key Vault nodes, each capable of read/write operations. Scale the cluster without downtime, support geographically distributed systems, and enable high levels of resource utilization with no idle standby servers. Clone cluster nodes from a Key Vault template, enabling node additions and removals via infrastructure-as-code tools such as Terraform.

Tested and certified

Key Vault is engineered to work seamlessly throughout the Oracle ecosystem with support for Oracle Database, Oracle MySQL, Oracle Exadata, Oracle RAC, Oracle Data Guard, Oracle ZFS Storage Appliance, and more. Key Vault is specifically designed to meet the demanding performance requirements of a busy IT stack, providing secure, centralized storage and management of keys and secrets in a highly available key management cluster.

Easy to deploy

Available in the Oracle Cloud Marketplace, Key Vault offers prebuilt images so organizations can get started and improve database security in just minutes. Oracle Cloud Infrastructure (OCI)–based Key Vault clusters provide fault-tolerant, continuous key management services to on-premises, hybrid, or multicloud database deployments including on-premises data centers into OCI, Microsoft Azure, and Amazon AWS.

• Leverage OCI’s resiliency by installing Key Vault cluster nodes into different availability domains within the same region, or across different Oracle Cloud regions.
• Benefit from the flexible deployment options by increasing or decreasing the size of the OCI VM shape.
• Scale Key Vault to meet requirements by adding or removing nodes on-premises or in the cloud.

RESTful APIs

Key Vault provides RESTful APIs for cluster monitoring, database enrollment, and automation, allowing management of large numbers of databases and reducing the cost of administration by eliminating the repetitive tasks of manual database registration. A refreshed management console with new dashboards and built-in reports allows administrators to quickly drill down into the various keys and secrets, along with the endpoints and their users.