Managing Oracle External Vaults

This section describes how to manage Oracle external vaults on CCKM. Before proceeding, a connection to your Oracle account must exist on the CipherTrust Manager and Oracle Identity Providers must be created.

Oracle external vaults can be added, viewed, modified, or deleted on the External Vaults tab of the Oracle Vaults page.

Adding Oracle External Vaults

You can add external vaults linked to an Oracle connection to the CipherTrust Manager. An external vault can be added only once.

To add an external Oracle vault:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults. The Vaults tab of the Oracle Vaults page is displayed.

  3. Click the External Vaults tab.

  4. Click Add External Vault. The Add External Vault wizard is displayed.

  5. Enter a unique Vault Name.

  6. Select a Connection from the drop-down list. The list of existing compartments linked with the selected connection is displayed.

  7. Select a Compartment from the drop-down list.

  8. Select an Issuer from the drop-down list.

  9. Enter KMS Client ID.

  10. Enter Endpoint URL Hostname.

  11. (Optional) Enter Policy.

  12. Click Add.

  13. Click Close.

The selected vault is displayed on the External Vaults tab of the Oracle Vaults page.

The vault is available to upload Oracle keys and view Oracle reports.

Viewing Oracle External Vaults

To view the list of the external vaults added to the CipherTrust Manager:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab. The External Vaults tab of the Oracle Vaults page shows the list of external vaults added to the CipherTrust Manager.

    The page displays the following details:

    Column          Description
    Vault Name      Name of the vault.
    Vault ID        ID of the vault.
    Type            Type of the vault: Default or External.
    Status          Status of the vault: Blocked or Unblocked.
    OCI Issuer      ID of the OCI issuer.
    Tenant          Name of the Oracle tenant.
    Compartment     Name of the Oracle compartment.
    Region          Region of the vault.
    State           State of the vault.
    Connection      Name of the Oracle connection added to the CipherTrust Manager.
    Last Refreshed  Date and time when the vault was last refreshed.
    Date Added      Date and time when the vault was added.

To view or hide columns, click the Customize View icon, select or clear the desired options, and click OK.

Refreshing Oracle External Vaults

Refreshing downloads keys created in Oracle external vaults to CCKM. You can refresh keys from an individual vault or from all Oracle external vaults.

The backup of Oracle keys is created only when the vaults are refreshed. The backup can only be created for keys that:

  • Are stored in Virtual Private Vaults (VPVs)

  • Are stored in vaults that have associated bucket credentials

  • Have the HSM protection mode

Refreshing Specific Oracle External Vaults

To refresh a vault:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab.

  4. On the External Vaults tab, click the overflow icon (ellipsis) corresponding to the desired vault and click Refresh Now.

A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.

The refreshed keys are listed on the Cloud Keys > Oracle > Oracle Keys page. Refer to Viewing Oracle Keys for details.

Refreshing All Oracle External Vaults

To refresh all Oracle vaults:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab.

  4. On the External Vaults tab, click Refresh All. The message This may take a while... is displayed.

    Refreshing all vaults is a time-intensive operation that could take several hours or days to complete. It continues running in the background.

  5. Click Refresh All to continue.

A message Refresh started... is displayed on the screen. To cancel the refresh, click Cancel Refresh.

The refreshed keys are listed on the Cloud Keys > Oracle > Oracle Keys page. Refer to Viewing Oracle Keys for details.

Viewing Details of an External Vault

To view the details of an external vault on CCKM:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab.

  4. On the External Vaults tab, click the Name link of the desired vault.

    Alternatively, click the overflow icon corresponding to the desired vault, and click View/Edit Details.

The edit view of the Oracle Vaults page shows additional details of the selected vault under the GENERAL INFO and ACCESS CONTROL sections. Expand each section to view more details.

The GENERAL INFO section provides details of the linked Oracle connection, Bucket Name, and Bucket Namespace. You can modify these settings if needed.

Changing the Oracle Connection

To change the Oracle connection of a vault:

  1. Expand GENERAL INFO.

  2. From the Connection drop-down list, select the desired Oracle connection.

  3. Click Update.

The connection of the Oracle vault is changed.

Modifying the Bucket Details

To modify the bucket details of a vault:

  1. Expand GENERAL INFO.

  2. Update the Bucket Name.

  3. Update the Bucket Namespace.

  4. Click Update.

The bucket name and bucket namespace of the Oracle vault are modified.

Managing User Permissions on Oracle External Vaults

To work with the Oracle cloud, users/groups must have the minimum set of permissions that allow them to use the Oracle resources such as keys and vaults. Initially, the CCKM user only has permission to view the keys. However, if required, the CCKM administrator can grant and revoke permissions.

Only users who are members of the CCKM Users group will be granted permissions to perform operations on Oracle external vaults.

Users with the following characteristics can perform operations for Oracle keys and vaults:

  • Users in the CCKM Admins group

  • Users in the Admin group

  • Users who are administrators for a domain

  • Users in the CCKM Users group to whom a CCKM Admin has assigned permissions through the UI or the /v1/cckm/oci/vaults/{id}/update-acls endpoint of the REST API.
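
For an access review, the rule above can be modelled locally to see who can act on a vault and which ACL entries have no effect. The following is an added example, not Thales code or the CipherTrust Manager API. The group names come from this page; the record layout, the operation names ("view", "upload") and the sample users are assumptions.

```python
from dataclasses import dataclass

# Group names are from the page; the record layout and the operation names
# ("view", "upload") are assumptions for this sketch, not CCKM's schema.
ADMIN_GROUPS = {"CCKM Admins", "Admin"}
USERS_GROUP = "CCKM Users"
DEFAULT_OPS = {"view"}  # a CCKM user initially has view permission only


@dataclass
class User:
    name: str
    groups: frozenset
    domain_admin: bool = False


def granted_ops(user, vault_acl):
    """Operations the vault ACL grants to the user directly or via a group."""
    ops = set()
    for principal in {user.name} | set(user.groups):
        ops |= vault_acl.get(principal, set())
    return ops


def can_perform(user, operation, vault_acl):
    """Return (allowed, reason) for one operation on one vault."""
    if user.groups & ADMIN_GROUPS:
        return True, "admin group"
    if user.domain_admin:
        return True, "domain administrator"
    if USERS_GROUP not in user.groups:
        return False, "not in CCKM Users"
    if operation in DEFAULT_OPS:
        return True, "default permission"
    if operation in granted_ops(user, vault_acl):
        return True, "ACL grant"
    return False, "no ACL grant"


def ineffective_grants(users, vault_acl):
    """Users named in the ACL whose grant has no effect under the rule above."""
    return sorted(u.name for u in users
                  if u.name in vault_acl and not (u.groups & ADMIN_GROUPS)
                  and not u.domain_admin and USERS_GROUP not in u.groups)


# Constructed sample data.
USERS = [User("alice", frozenset({"CCKM Admins"})),
         User("bob", frozenset({"CCKM Users"})),
         User("carol", frozenset({"Key Users"})),
         User("dave", frozenset(), domain_admin=True)]
VAULT_ACL = {"bob": {"upload"}, "carol": {"upload"}}
```

In this model, administrators are allowed regardless of the vault ACL, so clearing an ACL check box does not reduce their access; that requires changing group membership or domain administration.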

Adding Permissions for a User/Group

To add permissions for a user/group:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab.

  4. On the External Vaults tab, click the Name link of the desired vault.

    Alternatively, click the overflow icon corresponding to the desired vault, and click View/Edit Details.

  5. Expand the ACCESS CONTROL section.

  6. Click Assign User/Group. The Assign User/Group dialog box is displayed.

  7. Select the desired user or group from the User/Group drop-down list.

  8. Click Save.

The newly added user/group is displayed under Name in the ACCESS CONTROL section. You can now grant additional permissions to the user/group, as appropriate. Refer to Granting Permission to Perform an Operation for details.

Granting Permission to Perform an Operation

To grant permissions to the user or group to perform any of the above-mentioned operations:

  1. In the ACCESS CONTROL section, select the check box under the desired operation corresponding to the desired users or groups.

  2. Click Update.

A success message is displayed on the screen.

To revoke permissions from a user/group, refer to Removing a Permission for details.

Removing a Permission

To remove a permission assigned to a user or group:

  1. In the ACCESS CONTROL section, clear the check box under the desired operation corresponding to the desired users or groups.

  2. Click Update.

A success message is displayed on the screen.

Removing Permission from a User/Group

To remove current permissions assigned to the user/group:

  1. In the ACCESS CONTROL section, under Unassign, click the X button corresponding to the desired user/group.

  2. On the Remove User / Remove Group screen, click Remove.

    Removing this user/group will remove all permissions currently assigned to the user/group.

  3. Click Remove to confirm the action. To cancel the action, click Keep It.

A success message is displayed on the screen.

Removing Oracle External Vaults

Oracle external vaults can be removed on the Oracle Vaults page. Search for existing external vaults using Vault Name, Tenant, or Compartment.

To remove an external vault from CCKM:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab.

  4. On the External Vaults tab, click the overflow icon corresponding to the vault you want to remove.

  5. Click Remove Vault.

  6. Select I wish to delete the vault.

  7. Click Delete.

The Oracle external vault is deleted successfully. It is removed from the list of Oracle external vaults.

Blocking Oracle External Vaults

Oracle external vaults can be blocked on the Oracle Vaults page. Search for existing external vaults using Vault Name, Tenant, or Compartment.

To block an external vault from CCKM:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab.

  4. On the External Vaults tab, click the overflow icon corresponding to the vault you want to block.

  5. Click Block. The Are you sure you want to block external Vault? message is displayed.

  6. Click Block.

The Oracle external vault is blocked successfully. The status of the external vault changes to Blocked.

Unblocking Oracle External Vaults

Oracle external vaults can be unblocked on the Oracle Vaults page. Search for existing external vaults using Vault Name, Tenant, or Compartment.

To unblock an external vault from CCKM:

  1. Open the Cloud Key Manager application.

  2. In the left pane, click Containers > Oracle Vaults.

  3. Click the External Vaults tab.

  4. On the External Vaults tab, click the overflow icon corresponding to the vault you want to unblock.

  5. Click Unblock. The Are you sure you want to unblock external Vault? message is displayed.

  6. Click Unblock.

The Oracle external vault is unblocked successfully. The status of the external vault changes to Unblocked.