Help wanted with adding Oracle endpoint in Key Vault

P.Huang Member Posts: 51 Blue Ribbon
edited Mar 17, 2020 7:59PM in Database Security - General

Hi,

I am testing using Key Vault to centrally manage wallets. However, I consistently ran into problems when installing the Key Vault agent on the database.

[[email protected] agent]$ . oraenv

ORACLE_SID = [ggstb] ?

The Oracle base remains unchanged with value /u01/app/oracle

[[email protected] agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v

Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre

Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1

Detected ORACLE_BASE: /u01/app/oracle

Using OKV_HOME: /home/oracle/agent/key/

Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME

consistently across processes.

Enter new Key Vault endpoint password (<enter> for auto-login):         

Confirm new Key Vault endpoint password:         

Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.  <---------------------------------------------- Error

[[email protected] agent]$ echo $ORACLE_HOME

/u01/app/oracle/product/19.6.0/dbhome_1

[[email protected] agent]$ echo $ORACLE_BASE

/u01/app/oracle

[[email protected] agent]$ echo $OKV_HOME

[[email protected] agent]$

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

FINEST: waiting for the process to close stdout/err.

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

FINEST: done waiting for the process to close stdout/err.

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler executePB

FINEST: Error: Unable to get current installed JDK/JRE version.  <--------------------------------------------------------------------------------- Is there special setting needed here?

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler installOkvutil

SEVERE: Error while executing command: %/home/oracle/agent/key//bin/okvutil% install% -v% 3%

Feb 18, 2020 12:15:05 PM oracle.okv.platform.okvutil.OkvDeployHandler main

SEVERE: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.

oracle.okv.platform.common.exception.CommonException: Error occurred during install of Oracle Key Vault endpoint software. Check log files for more information.

    at oracle.okv.platform.okvutil.OkvDeployHandler.installOkvutil(OkvDeployHandler.java:379)

    at oracle.okv.platform.okvutil.OkvDeployHandler.install(OkvDeployHandler.java:254)

    at oracle.okv.platform.okvutil.OkvDeployHandler.execute(OkvDeployHandler.java:997)

    at oracle.okv.platform.okvutil.OkvDeployHandler.main(OkvDeployHandler.java:1192)

[[email protected] agent]$

Note, if I run the installer again, it succeeds.

[[email protected] agent]$ java -jar /tmp/okvclient.jar -d /home/oracle/agent/key/ -v

Detected JAVA_HOME: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre

Detected ORACLE_HOME: /u01/app/oracle/product/19.6.0/dbhome_1

Detected ORACLE_BASE: /u01/app/oracle

Using OKV_HOME: /home/oracle/agent/key/

Please set environment variables ORACLE_HOME, ORACLE_BASE, and OKV_HOME

consistently across processes.

The endpoint software for Oracle Key Vault upgraded successfully.

[[email protected] agent]$

If I proceed and ignore the above error, I am unable to open the wallet...

[[email protected] ~]# /home/oracle/agent/key/bin/root.sh

Creating directory: /opt/oracle/extapi/64/hsm/oracle/1.0.0/

Copying PKCS library to /opt/oracle/extapi/64/hsm/oracle/1.0.0/

Setting PKCS library file permissions

Installation successful.

[[email protected] ~]#

[[email protected] agent]$ cat /u01/app/oracle/homes/OraDB19Home1/network/admin/sqlnet.ora

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=OKV))

[[email protected] agent]$

[[email protected] agent]$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Tue Feb 18 12:25:23 2020

Version 19.6.0.0.0

Copyright (c) 1982, 2019, Oracle.  All rights reserved.

Connected to:

Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production

Version 19.6.0.0.0

SQL> administer key management set keystore open identified by oracle_4U;

administer key management set keystore open identified by oracle_4U

*

ERROR at line 1:

ORA-28353: failed to open wallet

SQL>

SQL> select * from V$encryption_wallet

  2  ;

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

------------------------------ -------------------- --------- -------- ---------

    CON_ID

----------

OKV <------------------------------------------------------------------------------------------------------------------------------------------- use key vault

CLOSED                   UNKNOWN            SINGLE    NONE     UNDEFINED

     1

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

------------------------------ -------------------- --------- -------- ---------

    CON_ID

----------

OKV

CLOSED                   UNKNOWN            SINGLE    UNITED   UNDEFINED

     2

WRL_TYPE

--------------------

WRL_PARAMETER

--------------------------------------------------------------------------------

STATUS                   WALLET_TYPE        WALLET_OR KEYSTORE FULLY_BAC

------------------------------ -------------------- --------- -------- ---------

    CON_ID

----------

OKV

CLOSED                   UNKNOWN            SINGLE    UNITED   UNDEFINED

     3

SQL>

environment:

DB: Oracle 19.6 CDB on OEL 7

Key Vault: 18.2
