Key Vault
Oracle Key Vault securely stores encryption keys, Oracle Wallets, Java KeyStores, SSH key pairs, digital certificates, and other secrets in a scalable, fault-tolerant cluster that supports the OASIS KMIP standard and can be deployed in Oracle Cloud Infrastructure (OCI), Microsoft Azure, Amazon Web Services (AWS), Google Cloud, or on-premises on dedicated hardware or virtual machines.
2025 KuppingerCole Leadership Compass for Data Security Platforms
Discover why KuppingerCole recognized Oracle as a Leader in database security
Why Key Vault
Centralized key management
Manage all your encryption keys, credentials, SSH keys, and secrets across environments from one secure platform.
High availability
Enterprise-grade, multi-master clustering ensures continuous key operations to safeguard your most critical assets.
Multicloud ready
Deploys in Oracle Cloud Infrastructure (OCI), Microsoft Azure, Amazon Web Services, Google Cloud, or on-premises on dedicated hardware or virtual machines.
Accelerate compliance
Safeguard sensitive data by storing Transparent Data Encryption keys separately from the encrypted data, minimizing unauthorized access risks and streamlining compliance.
Free Oracle Patching and Security Tools
Access free tools to help close patch gaps faster and strengthen database security amidst emerging AI threats.
Oracle Key Vault features
Oracle Key Vault (OKV) provides a secure, centralized solution for managing encryption keys, SSH keys, and digital certificates across Oracle Databases and enterprise environments. OKV simplifies compliance and strengthens data protection by unifying key management and access controls.
Key Lifecycle Management
Create, rotate, deactivate, and delete keys to maintain a strong cryptographic posture while eliminating local key store management overhead with online TDE master key management.
SSH Key Management
Oracle Key Vault delivers consolidated control over remote SSH server access using public key authentication. Exercise complete key governance of non-extractable private keys by generating and retaining SSH key pairs in Key Vault.
High Availability
Supports up to sixteen read/write nodes for continuous availability, with in-memory and persistent cache options maintaining encrypted systems even during network downtime, ensuring all nodes collaborate without idle standby servers for efficient resource use.
Broad Ecosystem Integration
Works seamlessly throughout the Oracle ecosystem, supporting Oracle Database, Oracle MySQL, Oracle Exadata, Oracle RAC, Oracle Data Guard, sharded databases, GoldenGate encrypted trail files, ZDLRA, and ZFS Storage appliances, while Key Vault also supports KMIP-compatible databases like MongoDB.
HSM Integration
Integrate with industry-standard Hardware Security Modules (HSMs) for FIPS 140-2 certified, hardware-anchored root-of-trust that protects your entire key hierarchy.
Compliance and Audit Readiness
Simplify regulatory compliance with complete auditing, reporting, and lifecycle traceability for key operations.
Manage Keys for Oracle Databases Anywhere
Centralized key management for Oracle Databases across on-premises and multi-cloud environments. Bring Your Own Key (BYOK) to retain ownership and portability of encryption keys, enabling seamless database movement across OCI, Azure, AWS, Google Cloud, and on-premises without re-encryption.
RESTful APIs and Automation
RESTful APIs facilitate seamless integration with DevOps and security workflows by automating the management of endpoints, wallets, security objects, deployments, and backup operations; clone cluster nodes from a Key Vault template to easily add or remove nodes with minimal API calls.
Client SDK
Client SDK offers C and Java APIs for developing custom applications that facilitate direct integration of Oracle and non-Oracle products with Oracle Key Vault.
Resources
Know more
- Key Vault Datasheet (PDF)
- Key Vault FAQ (PDF)
- 'Click to Deploy' from the Oracle Cloud Marketplace (7:04)
Key Vault has been fully integrated into the database provisioning workflow of the following:
AskTOM Oracle Database Security Office Hours
AskTOM Office Hours offers free, open Q&A sessions with Oracle Database experts who are eager to help you fully leverage the multitude of enterprise-strength database security tools available to your organization.
LiveLabs Workshop: Oracle Key Vault
This workshop introduces Oracle Key Vault features and functionality. Eplore how to migrate an Oracle Database 19c encrypted with TDE from a local wallet to Oracle Key Vault for centralized key management. Learn to upload and remove TDE master keys for PCI DSS compliance, use tagged keys for easier PDB association, and establish a repeatable, auditable workflow for key centralization and rotation.
Oracle Key Vault: Extending deeper into your environment.
Peter Wahl, Sr. Principal Product Manager, Database Encryption and Key Management, Database Security, OracleOracle Key Vault (OKV) centralizes key and secret management with enterprise-grade reliability and scalability for Oracle ecosystems and beyond. OKV is a software appliance that deploys as a fault-tolerant, multi-master cluster and can span across on-premises environments and any cloud. REST APIs enable automated key management for Oracle databases at scale. Since the initial release of OKV 21, we’ve added significant capabilities that expand its use cases and strengthen your security posture. This blog walks through these new features and what they mean for your organization.
Featured database security blogs
- October 14, 2025Celebrating 5 Years of Innovation with Oracle Audit Vault and Database Firewall (AVDF)
- October 9, 2025Simplifying Database Security Compliance at Scale with Oracle Data Safe
- October 8, 2025Securing Oracle AI Database 26ai for the Quantum Era
- Continue readingSee all
Get started with Oracle database security
Try Key Vault Live Labs
In this lab, you’ll migrate an Oracle Database 19c encrypted with TDE from a local wallet to Oracle Key Vault for centralized key management. Learn to upload and remove TDE master keys for PCI DSS compliance, use tagged keys for easier PDB association, and establish a repeatable, auditable workflow for key centralization and rotation. Run the workshop on your own tenancy or reserve a time to run the workshop on LiveLabs, free of charge.
Try Key Vault Live Labs
This workshop dives into Oracle Key Vault’s advanced SSH key management capabilities, demonstrating how to centralize SSH keys within a robust, policy-driven environment and minimize the risk of credential theft or misconfiguration. Learn to store, control, and rotate SSH key pairs directly in Key Vault—where private keys can be set to non-extractable, so even if a server is compromised, the keys remain protected.
Use Key Vault today
Get Oracle Key Vault today to benefit from a fault-tolerant, continuously available, and scalable key management solution.
Contact sales
Talk to a team member about Oracle Database security.