Simplify SSH key management, enhance manageability and improve operational security with Oracle Key Vault 21.8

March 18, 2024 | 3 minute read
Peter Wahl
Senior Principal Product Manager - Database Encryption and Key Management
Text Size 100%:

Oracle Key Vault provides highly available, scalable, centralized key and secrets management for Oracle Database, MySQL, MongoDB, GoldenGate, the Zero Data Loss Recovery Appliance (ZDLRA), ZFS Storage Appliance, and custom applications. Oracle Key Vault can be deployed in Oracle Cloud Infrastructure (OCI), Microsoft Azure, and Amazon AWS, as well as on-premises on dedicated hardware or as virtual machines.

This release of Oracle Key Vault 21.8 includes a number of essential security and stability improvements along with several functional improvements.

Platform Updates and Improved Stability

  • Security and stability fixes from Oracle Database Release Update 19.22 (Jan 2024) for the embedded OKV repository.
  • Security and stability fixes for the embedded Oracle Linux 8.9 operating system.
  • Includes the latest security and stability fixes for the underlying Oracle and non-Oracle components, including APEX, JRE, Oracle GoldenGate, Oracle Instant Client, ORDS, etc.

Faster SSH key management deployment

SSH public key authentication is the most widely used approach to securely access remote servers, whether deployed on-premises or on compute nodes in any cloud. Oracle Key Vault offers a complete solution for protecting and managing private and public SSH keys. For an overview of SSH key management with Oracle Key Vault, see our blog, Simplify and secure SSH key management with Oracle Key Vault 21.7.

Oracle Key Vault 21.8 makes rolling out SSH key management easier. Once administrators enroll a remote server as an endpoint, they can directly upload their users' SSH public keys into an Oracle Key Vault’s SSH Server wallet with a single step.

New manageability features

You can perform server-side filtering for the RESTful services utility commands that list items such as endpoints, wallets, and objects in wallets. For example, you can filter the list of objects in a wallet by type, such as "secret" or "certificate," or by state, like "active" or "compromised." You can also filter the list of completed backups for a specific backup destination, type, or date.

In addition, the RESTful services utility commands support custom attributes and KMIP attributes as command line options. These features make performing housekeeping, monitoring, and reporting tasks easier without maintaining and editing JSON files.

Operational security improvements

Service certificates in Oracle Key Vault can support up to 4096-bit key lengths for increased strength and compliance with corporate information security policies.

Oracle Key Vault generates an alert when the platform certificates are about to expire within a period defined by the alert configuration.

Oracle Key Vault allows an option to configure roles such that its user can have no more than one administrative role at a time, enforcing strict administrative role isolation.

Upgrade to Oracle Key Vault 21.8

We strongly recommend that you upgrade to the latest OKV 21.8 for increased stability and security.  The cluster architecture supports complete transparency and zero downtime for the database targets during Oracle Key Vault server upgrades.

To upgrade existing Oracle Key Vault servers (18.x, 21.x) to Oracle Key Vault 21.8, download patch 35951559 from Oracle Support or download Oracle Key Vault 21.8 from the Oracle Software Delivery Cloud for fresh installations. In addition, you can launch Oracle Key Vault 21.8 from the Oracle Cloud Marketplace in your OCI tenancy in minutes (watch Click to Deploy).

Experience Oracle Key Vault 21 in the Oracle Key Vault LiveLab for yourself.

About Oracle Key Vault 21

Oracle Key Vault 21, the third major release of Key Vault, simplifies the administration of keys and secrets for environments with many endpoints. It is the only purpose-built key management product designed to support various Oracle Database deployment models, including Real Application Clusters (RAC), Data Guard, sharded databases, Multitenant, and cloud databases.

Oracle Key Vault sets the standard for security, automation, scalability, and continuous availability with its software appliance form factor, fault-tolerant multi-master, hybrid deployment capability, and RESTful APIs.


Visit the Oracle Key Vault product page at:

Peter Wahl

Senior Principal Product Manager - Database Encryption and Key Management

Peter Wahl is the Senior Principal Product Manager for Oracle Database Transparent Data Encryption and Oracle Key Vault and has over 25 years of experience in various security areas. Peter has also been a member of Oracle field engineering team, working with some of the largest Oracle Database customers. Peter is a certified Oracle Cloud Infrastructure Architect Associate and holds a Master’s Degree in Electrical Engineering from the University of Applied Sciences in Ravensburg, Germany.

Previous Post

Introducing Zero to low-cost Autonomous Database for Developers

Simon Law | 3 min read

Next Post

ORA-07445 exception encountered: core dump - 3 steps to resolve

Gareth Chapman | 7 min read