Oracle Key Vault 21.9 improves stability and security


Oracle Key Vault provides continuously available, fault-tolerant, and highly scalable centralized key and secrets management for Oracle Database, MySQL, GoldenGate, ZFS Storage Appliance, and custom applications. Customers can deploy Oracle Key Vault in Oracle Cloud Infrastructure (OCI), Microsoft Azure, Amazon AWS, and on-premises on dedicated hardware or virtual machines.

Oracle Key Vault 21.9 is a stability release with several customer-requested enhancements.

 

  • Selective auditing: Customers want to control which OKV operations to audit. With OKV 21.9, you can selectively enable auditing for specific OKV operations based on audit event IDs or audit event categories.
  • Allow-list for RESTful connections: OKV 21.9 improves security by restricting incoming REST connections to approved IP addresses only.
  • Improved CA certificate rotation time: In OKV 21.9, automated CA certificate rotation completes faster by accelerating the rotation of endpoint certificates.

Oracle Key Vault now supports the key management needs of customers enjoying the benefits of the Autonomous Database Service on Dedicated Exadata Infrastructure (ADB-D). Oracle Key Vault, deployed in your OCI tenancy from the Oracle Cloud Marketplace, in AWS or Azure, or in your on-premises datacenter, provides hold-your-own-key out of the box for your encrypted databases, no matter where they are deployed.

Oracle Key Vault offers a complete solution for protecting and managing private and public SSH keys. For an overview of SSH key management with Oracle Key Vault, see our earlier blog, Simplify and secure SSH key management with Oracle Key Vault 21.7, or try it yourself in this new LiveLabs workshop.

Upgrade to Oracle Key Vault 21.9

We strongly recommend upgrading to OKV 21.9 for increased stability and security. The cluster architecture supports complete transparency and zero downtime for database targets during Oracle Key Vault server upgrades.

To upgrade existing Oracle Key Vault servers (18.x, 21.x) to Oracle Key Vault 21.9, download patch 36429383 from Oracle Support. For fresh installations, download Oracle Key Vault 21.9 from the Oracle Software Delivery Cloud. In addition, you can deploy Oracle Key Vault 21.9 in your OCI tenancy in minutes from the Oracle Cloud Marketplace (watch “Click to Deploy”).

About Oracle Key Vault 21

Oracle Key Vault 21, the third major release of Key Vault, simplifies the administration of keys and secrets for environments with many endpoints. It is the only purpose-built key management product designed for the wide array of Oracle Database deployment models, including Real Application Clusters (RAC), Data Guard, Globally Distributed (sharded) databases, Multitenant, and cloud databases.

Oracle Key Vault sets the standard for security, automation, scalability, and continuous availability with its software appliance form factor, fault-tolerant multi-master architecture, hybrid deployment capability, and RESTful APIs.

Platform Updates and Improved Stability

  • Security and stability fixes from Oracle Database Release Update 19.23 (April 2024) for the embedded OKV repository.
  • Security and stability fixes for the embedded Oracle Linux 8.9 operating system.
  • Security and stability fixes for the underlying components, including Oracle GoldenGate, Tomcat, Oracle APEX, Oracle REST Data Services (ORDS), Java Runtime Environment (JRE), and Oracle Instant Client.

For more information

Visit the Oracle Key Vault product page at:
https://www.oracle.com/security/database-security/key-vault

Experience Oracle Key Vault 21 in the Oracle Key Vault LiveLabs workshop.
 

Peter Wahl

Senior Principal Product Manager – Database Encryption and Key Management

Peter Wahl is the Senior Principal Product Manager for Oracle Database Transparent Data Encryption and Oracle Key Vault and has over 25 years of experience in various security areas. Peter has also been a member of the Oracle field engineering team, working with some of the largest Oracle Database customers. Peter is a certified Oracle Cloud Infrastructure Architect Associate and holds a Master’s Degree in Electrical Engineering from the University of Applied Sciences in Ravensburg, Germany.