Key Management Common Types
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VARCHAR2_TBL Type
Nested table type of varchar2(32767).
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_varchar2_tbl FORCE IS TABLE OF (varchar2(32767)) NOT PERSISTABLE;DBMS_CLOUD_OCI_KEY_MANAGEMENT_BACKUP_LOCATION_T Type
Backup upload location
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_backup_location_t FORCE AUTHID CURRENT_USER IS OBJECT (
destination varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_location_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_location_t (
destination varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE NOT FINAL;Fields
| Field | Description |
|---|---|
|
|
(required) 'Backup location destination: BUCKET - Uploading or downloading backup via object store bucket PRE_AUTHENTICATED_REQUEST_URI - Uploading or downloading backup via a PreAuthenticated object store URI' Allowed values are: 'BUCKET', 'PRE_AUTHENTICATED_REQUEST_URI' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_BACKUP_KEY_DETAILS_T Type
The details of the Key that you wish to backup.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_backup_key_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
backup_location dbms_cloud_oci_key_management_backup_location_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_key_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_key_details_t (
backup_location dbms_cloud_oci_key_management_backup_location_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_BACKUP_LOCATION_BUCKET_T Type
Object storage bucket details to upload or download the backup
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_backup_location_bucket_t FORCE AUTHID CURRENT_USER UNDER dbms_cloud_oci_key_management_backup_location_t (
namespace varchar2(32767),
bucket_name varchar2(32767),
object_name varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_location_bucket_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_location_bucket_t (
destination varchar2,
namespace varchar2,
bucket_name varchar2,
object_name varchar2
) RETURN SELF AS RESULT
);dbms_cloud_oci_key_management_backup_location_bucket_t is a subtype of the dbms_cloud_oci_key_management_backup_location_t type.
Fields
| Field | Description |
|---|---|
|
|
(required) |
|
|
(required) |
|
|
(required) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_BACKUP_LOCATION_URI_T Type
PreAuthenticated object storage URI to upload or download the backup
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_backup_location_uri_t FORCE AUTHID CURRENT_USER UNDER dbms_cloud_oci_key_management_backup_location_t (
uri varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_location_uri_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_location_uri_t (
destination varchar2,
uri varchar2
) RETURN SELF AS RESULT
);dbms_cloud_oci_key_management_backup_location_uri_t is a subtype of the dbms_cloud_oci_key_management_backup_location_t type.
Fields
| Field | Description |
|---|---|
|
|
(required) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_BACKUP_VAULT_DETAILS_T Type
The details of the Vault that you wish to backup.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_backup_vault_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
backup_location dbms_cloud_oci_key_management_backup_location_t,
is_include_keys number,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_vault_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_backup_vault_details_t (
backup_location dbms_cloud_oci_key_management_backup_location_t,
is_include_keys number
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) |
|
|
(optional) A Boolean value that indicates whether the Keys should be included during backing up the Vault. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_CHANGE_KEY_COMPARTMENT_DETAILS_T Type
The deatils of the compartment that you wish to move the Key.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_change_key_compartment_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_change_key_compartment_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_change_key_compartment_details_t (
compartment_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that you want to move the key to. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_CHANGE_VAULT_COMPARTMENT_DETAILS_T Type
The details of the compartment you wish to move the Vault.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_change_vault_compartment_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_change_vault_compartment_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_change_vault_compartment_details_t (
compartment_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment to move the vault to. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_CREATE_EKMS_PRIVATE_ENDPOINT_DETAILS_T Type
Information needed to create EKMS private endpoint resource
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_create_ekms_private_endpoint_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
subnet_id varchar2(32767),
compartment_id varchar2(32767),
freeform_tags json_element_t,
defined_tags json_element_t,
display_name varchar2(32767),
external_key_manager_ip varchar2(32767),
ca_bundle varchar2(32767),
port number,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_ekms_private_endpoint_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_ekms_private_endpoint_details_t (
subnet_id varchar2,
compartment_id varchar2,
freeform_tags json_element_t,
defined_tags json_element_t,
display_name varchar2,
external_key_manager_ip varchar2,
ca_bundle varchar2,
port number
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of subnet in which the EKMS private endpoint is to be created |
|
|
(required) Compartment identifier. |
|
|
(optional) Simple key-value pair that is applied without any predefined name, type, or scope. Exists for cross-compatibility only. Example: `{\"bar-key\": \"value\"}` |
|
|
(optional) Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{\"foo-namespace\": {\"bar-key\": \"value\"}}` |
|
|
(required) Display name of the EKMS private endpoint resource being created. |
|
|
(required) External private IP to connect to from this EKMS private endpoint |
|
|
(required) CABundle to validate TLS certificate of the external key manager system in PEM format |
|
|
(optional) The port of the external key manager system |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_KEY_SHAPE_T Type
The cryptographic properties of a key.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_key_shape_t FORCE AUTHID CURRENT_USER IS OBJECT (
algorithm varchar2(32767),
length number,
curve_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_shape_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_shape_t (
algorithm varchar2,
length number,
curve_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for `External` keys. Allowed values are: 'AES', 'RSA', 'ECDSA' |
|
|
(required) The length of the key in bytes, expressed as an integer. Supported values include the following: - AES: 16, 24, or 32 - RSA: 256, 384, or 512 - ECDSA: 32, 48, or 66 |
|
|
(optional) Supported curve IDs for ECDSA keys. Allowed values are: 'NIST_P256', 'NIST_P384', 'NIST_P521' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EXTERNAL_KEY_REFERENCE_T Type
A reference to the key on external key manager.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_external_key_reference_t FORCE AUTHID CURRENT_USER IS OBJECT (
external_key_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_reference_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_reference_t (
external_key_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_CREATE_KEY_DETAILS_T Type
The details of the key that you want to create.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_create_key_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
key_shape dbms_cloud_oci_key_management_key_shape_t,
protection_mode varchar2(32767),
external_key_reference dbms_cloud_oci_key_management_external_key_reference_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_key_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_key_details_t (
compartment_id varchar2,
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t,
key_shape dbms_cloud_oci_key_management_key_shape_t,
protection_mode varchar2,
external_key_reference dbms_cloud_oci_key_management_external_key_reference_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment where you want to create the master encryption key. |
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(required) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
|
|
(required) |
|
|
(optional) The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of `HSM` means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of `SOFTWARE` means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of `SOFTWARE` are performed on the server. By default, a key's protection mode is set to `HSM`. You can't change a key's protection mode after the key is created or imported. A protection mode of `EXTERNAL` mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of `EXTERNAL` are performed by external key manager. Allowed values are: 'HSM', 'SOFTWARE', 'EXTERNAL' |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_OAUTH_METADATA_T Type
Authorization details required to get access token from IDP for accessing protected resources.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_oauth_metadata_t FORCE AUTHID CURRENT_USER IS OBJECT (
idcs_account_name_url varchar2(32767),
client_app_id varchar2(32767),
client_app_secret varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_oauth_metadata_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_oauth_metadata_t (
idcs_account_name_url varchar2,
client_app_id varchar2,
client_app_secret varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) Base URL of the IDCS account where confidential client app is created. |
|
|
(required) ID of the client app created in IDP. |
|
|
(required) Secret of the client app created in IDP. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EXTERNAL_KEY_MANAGER_METADATA_T Type
Metadata required for accessing External Key manager
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_external_key_manager_metadata_t FORCE AUTHID CURRENT_USER IS OBJECT (
oauth_metadata dbms_cloud_oci_key_management_oauth_metadata_t,
external_vault_endpoint_url varchar2(32767),
private_endpoint_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_manager_metadata_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_manager_metadata_t (
oauth_metadata dbms_cloud_oci_key_management_oauth_metadata_t,
external_vault_endpoint_url varchar2,
private_endpoint_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) |
|
|
(required) URI of the vault on external key manager. |
|
|
(required) OCID of private endpoint created by customer. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_CREATE_VAULT_DETAILS_T Type
The details of the vault that you want to create.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_create_vault_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
external_key_manager_metadata dbms_cloud_oci_key_management_external_key_manager_metadata_t,
vault_type varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_vault_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_vault_details_t (
compartment_id varchar2,
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t,
external_key_manager_metadata dbms_cloud_oci_key_management_external_key_manager_metadata_t,
vault_type varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment where you want to create this vault. |
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(required) A user-friendly name for the vault. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
|
|
(optional) |
|
|
(required) The type of vault to create. Each type of vault stores the key with different degrees of isolation and has different options and pricing. Allowed values are: 'VIRTUAL_PRIVATE', 'DEFAULT', 'EXTERNAL' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_CREATE_VAULT_REPLICA_DETAILS_T Type
Creates a vault replica.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_create_vault_replica_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
replica_region varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_vault_replica_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_create_vault_replica_details_t (
replica_region varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The region in the realm to which the vault need to be replicated to |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_DECRYPT_DATA_DETAILS_T Type
The details of the encrypted data that you want to decrypt.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_decrypt_data_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
associated_data json_element_t,
ciphertext varchar2(32767),
key_id varchar2(32767),
logging_context json_element_t,
key_version_id varchar2(32767),
encryption_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_decrypt_data_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_decrypt_data_details_t (
associated_data json_element_t,
ciphertext varchar2,
key_id varchar2,
logging_context json_element_t,
key_version_id varchar2,
encryption_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters. |
|
|
(required) The encrypted data to decrypt. |
|
|
(required) The OCID of the key used to encrypt the ciphertext. |
|
|
(optional) Information that provides context for audit logging. You can provide this additional data as key-value pairs to include in audit logs when audit logging is enabled. |
|
|
(optional) The OCID of the key version used to encrypt the ciphertext. |
|
|
(optional) The encryption algorithm to use to encrypt or decrypt data with a customer-managed key. `AES_256_GCM` indicates that the key is a symmetric key that uses the Advanced Encryption Standard (AES) algorithm and that the mode of encryption is the Galois/Counter Mode (GCM). `RSA_OAEP_SHA_1` indicates that the key is an asymmetric key that uses the RSA encryption algorithm and uses Optimal Asymmetric Encryption Padding (OAEP). `RSA_OAEP_SHA_256` indicates that the key is an asymmetric key that uses the RSA encryption algorithm with a SHA-256 hash and uses OAEP. Allowed values are: 'AES_256_GCM', 'RSA_OAEP_SHA_1', 'RSA_OAEP_SHA_256' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_DECRYPTED_DATA_T Type
The response to a request to decrypt the encrypted data.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_decrypted_data_t FORCE AUTHID CURRENT_USER IS OBJECT (
plaintext varchar2(32767),
plaintext_checksum varchar2(32767),
key_id varchar2(32767),
key_version_id varchar2(32767),
encryption_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_decrypted_data_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_decrypted_data_t (
plaintext varchar2,
plaintext_checksum varchar2,
key_id varchar2,
key_version_id varchar2,
encryption_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The decrypted data, expressed as a base64-encoded value. |
|
|
(required) The checksum of the decrypted data. |
|
|
(optional) The OCID of the key used to encrypt the ciphertext. |
|
|
(optional) The OCID of the key version used to encrypt the ciphertext. |
|
|
(optional) The encryption algorithm to use to encrypt and decrypt data with a customer-managed key `AES_256_GCM` indicates that the key is a symmetric key that uses the Advanced Encryption Standard (AES) algorithm and that the mode of encryption is the Galois/Counter Mode (GCM). `RSA_OAEP_SHA_1` indicates that the key is an asymmetric key that uses the RSA encryption algorithm and uses Optimal Asymmetric Encryption Padding (OAEP). `RSA_OAEP_SHA_256` indicates that the key is an asymmetric key that uses the RSA encryption algorithm with a SHA-256 hash and uses OAEP. Allowed values are: 'AES_256_GCM', 'RSA_OAEP_SHA_1', 'RSA_OAEP_SHA_256' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_DELETE_VAULT_REPLICA_DETAILS_T Type
Deletes a vault replica
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_delete_vault_replica_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
replica_region varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_delete_vault_replica_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_delete_vault_replica_details_t (
replica_region varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The region in the realm on which the replica should be deleted |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EKMS_PRIVATE_ENDPOINT_T Type
EKMS private endpoint created in customer subnet used to connect to external key manager system
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_ekms_private_endpoint_t FORCE AUTHID CURRENT_USER IS OBJECT (
id varchar2(32767),
compartment_id varchar2(32767),
subnet_id varchar2(32767),
display_name varchar2(32767),
time_created timestamp with time zone,
time_updated timestamp with time zone,
freeform_tags json_element_t,
defined_tags json_element_t,
lifecycle_state varchar2(32767),
lifecycle_details varchar2(32767),
external_key_manager_ip varchar2(32767),
port number,
ca_bundle varchar2(32767),
private_endpoint_ip varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_ekms_private_endpoint_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_ekms_private_endpoint_t (
id varchar2,
compartment_id varchar2,
subnet_id varchar2,
display_name varchar2,
time_created timestamp with time zone,
time_updated timestamp with time zone,
freeform_tags json_element_t,
defined_tags json_element_t,
lifecycle_state varchar2,
lifecycle_details varchar2,
external_key_manager_ip varchar2,
port number,
ca_bundle varchar2,
private_endpoint_ip varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) Unique identifier that is immutable |
|
|
(required) Compartment Identifier. |
|
|
(required) Subnet Identifier |
|
|
(required) EKMS Private Endpoint display name |
|
|
(required) The time the EKMS private endpoint was created. An RFC3339 formatted datetime string. |
|
|
(optional) The time the EKMS private endpoint was updated. An RFC3339 formatted datetime string. |
|
|
(optional) Simple key-value pair that is applied without any predefined name, type, or scope. Exists for cross-compatibility only. Example: `{\"bar-key\": \"value\"}` |
|
|
(optional) Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{\"foo-namespace\": {\"bar-key\": \"value\"}}` |
|
|
(required) The current state of the EKMS private endpoint resource. Allowed values are: 'CREATING', 'ACTIVE', 'DELETING', 'DELETED', 'FAILED' |
|
|
(optional) A message describing the current state in more detail. For example, can be used to provide actionable information for a resource in 'Failed' state. |
|
|
(required) Private IP of the external key manager system to connect to from the EKMS private endpoint |
|
|
(optional) The port of the external key manager system |
|
|
(optional) CABundle to validate TLS certificate of the external key manager system in PEM format |
|
|
(optional) The IP address in the customer's VCN for the EKMS private endpoint. This is taken from subnet |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EKMS_PRIVATE_ENDPOINT_SUMMARY_T Type
EKMS private endpoints summary
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_ekms_private_endpoint_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
id varchar2(32767),
subnet_id varchar2(32767),
compartment_id varchar2(32767),
time_created timestamp with time zone,
time_updated timestamp with time zone,
display_name varchar2(32767),
freeform_tags json_element_t,
defined_tags json_element_t,
lifecycle_state varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_ekms_private_endpoint_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_ekms_private_endpoint_summary_t (
id varchar2,
subnet_id varchar2,
compartment_id varchar2,
time_created timestamp with time zone,
time_updated timestamp with time zone,
display_name varchar2,
freeform_tags json_element_t,
defined_tags json_element_t,
lifecycle_state varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) Unique identifier that is immutable |
|
|
(required) Subnet Identifier |
|
|
(required) Identifier of the compartment this EKMS private endpoint belongs to |
|
|
(required) The time the EKMS private endpoint was created. An RFC3339 formatted datetime string. |
|
|
(optional) The time the EKMS private endpoint was updated. An RFC3339 formatted datetime string. |
|
|
(required) Mutable name of the EKMS private endpoint |
|
|
(optional) Simple key-value pair that is applied without any predefined name, type, or scope. Exists for cross-compatibility only. Example: `{\"bar-key\": \"value\"}` |
|
|
(optional) Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{\"foo-namespace\": {\"bar-key\": \"value\"}}` |
|
|
(required) The current state of the EKMS private endpoint resource. Allowed values are: 'CREATING', 'ACTIVE', 'DELETING', 'DELETED', 'FAILED' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_ENCRYPT_DATA_DETAILS_T Type
The details of the plaintext data that you want to encrypt.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_encrypt_data_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
associated_data json_element_t,
key_id varchar2(32767),
logging_context json_element_t,
plaintext varchar2(32767),
key_version_id varchar2(32767),
encryption_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_encrypt_data_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_encrypt_data_details_t (
associated_data json_element_t,
key_id varchar2,
logging_context json_element_t,
plaintext varchar2,
key_version_id varchar2,
encryption_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters. |
|
|
(required) The OCID of the key to encrypt with. |
|
|
(optional) Information that provides context for audit logging. You can provide this additional data as key-value pairs to include in the audit logs when audit logging is enabled. |
|
|
(required) The plaintext data to encrypt. |
|
|
(optional) The OCID of the key version used to encrypt the ciphertext. |
|
|
(optional) The encryption algorithm to use to encrypt and decrypt data with a customer-managed key. `AES_256_GCM` indicates that the key is a symmetric key that uses the Advanced Encryption Standard (AES) algorithm and that the mode of encryption is the Galois/Counter Mode (GCM). `RSA_OAEP_SHA_1` indicates that the key is an asymmetric key that uses the RSA encryption algorithm and uses Optimal Asymmetric Encryption Padding (OAEP). `RSA_OAEP_SHA_256` indicates that the key is an asymmetric key that uses the RSA encryption algorithm with a SHA-256 hash and uses OAEP. Allowed values are: 'AES_256_GCM', 'RSA_OAEP_SHA_1', 'RSA_OAEP_SHA_256' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_ENCRYPTED_DATA_T Type
The response to a request to encrypt the plaintext data.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_encrypted_data_t FORCE AUTHID CURRENT_USER IS OBJECT (
ciphertext varchar2(32767),
key_id varchar2(32767),
key_version_id varchar2(32767),
encryption_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_encrypted_data_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_encrypted_data_t (
ciphertext varchar2,
key_id varchar2,
key_version_id varchar2,
encryption_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The encrypted data. |
|
|
(optional) The OCID of the key used to encrypt the ciphertext. |
|
|
(optional) The OCID of the key version used to encrypt the ciphertext. |
|
|
(optional) The encryption algorithm to use to encrypt and decrypt data with a customer-managed key. `AES_256_GCM` indicates that the key is a symmetric key that uses the Advanced Encryption Standard (AES) algorithm and that the mode of encryption is the Galois/Counter Mode (GCM). `RSA_OAEP_SHA_1` indicates that the key is an asymmetric key that uses the RSA encryption algorithm and uses Optimal Asymmetric Encryption Padding (OAEP). `RSA_OAEP_SHA_256` indicates that the key is an asymmetric key that uses the RSA encryption algorithm with a SHA-256 hash and uses OAEP. Allowed values are: 'AES_256_GCM', 'RSA_OAEP_SHA_1', 'RSA_OAEP_SHA_256' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_ERROR_T Type
The desciption of Error message.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_error_t FORCE AUTHID CURRENT_USER IS OBJECT (
code varchar2(32767),
message varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_error_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_error_t (
code varchar2,
message varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) A short error code that defines the error, meant for programmatic parsing. See API Errors. |
|
|
(required) A human-readable error string. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EXPORT_KEY_DETAILS_T Type
The details of the key that you want to wrap and export.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_export_key_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
key_id varchar2(32767),
key_version_id varchar2(32767),
algorithm varchar2(32767),
public_key varchar2(32767),
logging_context json_element_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_export_key_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_export_key_details_t (
key_id varchar2,
key_version_id varchar2,
algorithm varchar2,
public_key varchar2,
logging_context json_element_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the master encryption key associated with the key version you want to export. |
|
|
(optional) The OCID of the specific key version to export. If not specified, the service exports the current key version. |
|
|
(required) The encryption algorithm to use to encrypt exportable key material from a software-backed key. Specifying `RSA_OAEP_AES_SHA256` invokes the RSA AES key wrap mechanism, which generates a temporary AES key. The temporary AES key is wrapped by the RSA public wrapping key provided along with the request, creating a wrapped temporary AES key. The temporary AES key is also used to wrap the exportable key material. The wrapped temporary AES key and the wrapped exportable key material are concatenated, producing concatenated blob output that jointly represents them. Specifying `RSA_OAEP_SHA256` means that the software key is wrapped by the RSA public wrapping key provided along with the request. Allowed values are: 'RSA_OAEP_AES_SHA256', 'RSA_OAEP_SHA256' |
|
|
(required) The PEM format of the 2048-bit, 3072-bit, or 4096-bit RSA wrapping key in your possession that you want to use to encrypt the key. |
|
|
(optional) Information that provides context for audit logging. You can provide this additional data as key-value pairs to include in the audit logs when audit logging is enabled. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EXPORTED_KEY_DATA_T Type
The response to a request to export key material.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_exported_key_data_t FORCE AUTHID CURRENT_USER IS OBJECT (
key_version_id varchar2(32767),
key_id varchar2(32767),
time_created timestamp with time zone,
vault_id varchar2(32767),
encrypted_key varchar2(32767),
algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_exported_key_data_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_exported_key_data_t (
key_version_id varchar2,
key_id varchar2,
time_created timestamp with time zone,
vault_id varchar2,
encrypted_key varchar2,
algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the key version. |
|
|
(required) The OCID of the master encryption key associated with this key version. |
|
|
(required) The date and time this key version was created, expressed in RFC 3339 timestamp format. |
|
|
(required) The OCID of the vault that contains this key version. |
|
|
(required) The base64-encoded exported key material, which is encrypted by using the public RSA wrapping key specified in the export request. |
|
|
(required) The encryption algorithm to use to encrypt exportable key material from a key that persists on the server (as opposed to a key that persists on a hardware security module and, therefore, cannot be exported). Specifying RSA_OAEP_AES_SHA256 invokes the RSA AES key wrap mechanism, which generates a temporary AES key. The temporary AES key is wrapped by the RSA public wrapping key provided along with the request, creating a wrapped temporary AES key. The temporary AES key is also used to wrap the exportable key material. The wrapped temporary AES key and the wrapped exportable key material are concatenated, producing concatenated blob output that jointly represents them. Specifying RSA_OAEP_SHA256 means that the exportable key material is wrapped by the RSA public wrapping key provided along with the request. Allowed values are: 'RSA_OAEP_AES_SHA256', 'RSA_OAEP_SHA256' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_OAUTH_METADATA_SUMMARY_T Type
Summary about authorization to be returned to the customer as a response.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_oauth_metadata_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
idcs_account_name_url varchar2(32767),
client_app_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_oauth_metadata_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_oauth_metadata_summary_t (
idcs_account_name_url varchar2,
client_app_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) Base URL of the IDCS account where confidential client app is created. |
|
|
(required) ID of the client app created in IDP. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EXTERNAL_KEY_MANAGER_METADATA_SUMMARY_T Type
Summary about metadata of external key manager to be returned to the customer as a response.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_external_key_manager_metadata_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
vendor varchar2(32767),
external_vault_endpoint_url varchar2(32767),
private_endpoint_id varchar2(32767),
oauth_metadata_summary dbms_cloud_oci_key_management_oauth_metadata_summary_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_manager_metadata_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_manager_metadata_summary_t (
vendor varchar2,
external_vault_endpoint_url varchar2,
private_endpoint_id varchar2,
oauth_metadata_summary dbms_cloud_oci_key_management_oauth_metadata_summary_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Vendor of the external key manager. |
|
|
(required) URL of the vault on external key manager. |
|
|
(required) OCID of the private endpoint. |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EXTERNAL_KEY_REFERENCE_DETAILS_T Type
Key reference data to be returned to the customer as a response.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_external_key_reference_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
external_key_id varchar2(32767),
external_key_version_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_reference_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_reference_details_t (
external_key_id varchar2,
external_key_version_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM. |
|
|
(required) Key version ID associated with the external key. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_EXTERNAL_KEY_VERSION_REFERENCE_T Type
A reference to key version on external key manager.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_external_key_version_reference_t FORCE AUTHID CURRENT_USER IS OBJECT (
external_key_version_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_version_reference_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_external_key_version_reference_t (
external_key_version_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Key version ID associated with the external key. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_GENERATE_KEY_DETAILS_T Type
The details of the key that you want to encrypt or decrypt data.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_generate_key_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
associated_data json_element_t,
include_plaintext_key number,
key_id varchar2(32767),
key_shape dbms_cloud_oci_key_management_key_shape_t,
logging_context json_element_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_generate_key_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_generate_key_details_t (
associated_data json_element_t,
include_plaintext_key number,
key_id varchar2,
key_shape dbms_cloud_oci_key_management_key_shape_t,
logging_context json_element_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters. |
|
|
(required) If true, the generated key is also returned unencrypted. |
|
|
(required) The OCID of the master encryption key to encrypt the generated data encryption key with. |
|
|
(required) |
|
|
(optional) Information that provides context for audit logging. You can provide this additional data by formatting it as key-value pairs to include in audit logs when audit logging is enabled. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_GENERATED_KEY_T Type
The reponse to the regeuest to generate the key to encrypt or decrypt the data.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_generated_key_t FORCE AUTHID CURRENT_USER IS OBJECT (
ciphertext varchar2(32767),
plaintext varchar2(32767),
plaintext_checksum varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_generated_key_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_generated_key_t (
ciphertext varchar2,
plaintext varchar2,
plaintext_checksum varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The encrypted data encryption key generated from a master encryption key. |
|
|
(optional) The plaintext data encryption key, a base64-encoded sequence of random bytes, which is included if the GenerateDataEncryptionKey request includes the `includePlaintextKey` parameter and sets its value to \"true\". |
|
|
(optional) The checksum of the plaintext data encryption key, which is included if the GenerateDataEncryptionKey request includes the `includePlaintextKey` parameter and sets its value to \"true\". |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_WRAPPED_IMPORT_KEY_T Type
The details of the wrapped import Key.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_wrapped_import_key_t FORCE AUTHID CURRENT_USER IS OBJECT (
key_material varchar2(32767),
wrapping_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_wrapped_import_key_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_wrapped_import_key_t (
key_material varchar2,
wrapping_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The key material to import, wrapped by the vault's RSA public wrapping key and base64-encoded. |
|
|
(required) The wrapping mechanism to use during key import. `RSA_OAEP_AES_SHA256` invokes the RSA AES key wrap mechanism, which generates a temporary AES key. The temporary AES key is wrapped by the vault's RSA public wrapping key, creating a wrapped temporary AES key. The temporary AES key is also used to wrap the private key material. The wrapped temporary AES key and the wrapped exportable key material are concatenated, producing concatenated blob output that jointly represents them. `RSA_OAEP_SHA256` means that the exportable key material is wrapped by the vault's RSA public wrapping key. Allowed values are: 'RSA_OAEP_SHA256', 'RSA_OAEP_AES_SHA256' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_IMPORT_KEY_DETAILS_T Type
The details of the Key that you wish to import.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_import_key_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
key_shape dbms_cloud_oci_key_management_key_shape_t,
wrapped_import_key dbms_cloud_oci_key_management_wrapped_import_key_t,
protection_mode varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_import_key_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_import_key_details_t (
compartment_id varchar2,
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t,
key_shape dbms_cloud_oci_key_management_key_shape_t,
wrapped_import_key dbms_cloud_oci_key_management_wrapped_import_key_t,
protection_mode varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains this key. |
|
|
(optional) Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{\"foo-namespace\": {\"bar-key\": \"foo-value\"}}` |
|
|
(required) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Simple key-value pair that is applied without any predefined name, type, or scope. Exists for cross-compatibility only. Example: `{\"bar-key\": \"value\"}` |
|
|
(required) |
|
|
(required) |
|
|
(optional) The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of `HSM` means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of `SOFTWARE` means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of `SOFTWARE` are performed on the server. By default, a key's protection mode is set to `HSM`. You can't change a key's protection mode after the key is created or imported. Allowed values are: 'HSM', 'SOFTWARE' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_IMPORT_KEY_VERSION_DETAILS_T Type
The details of the KeyVersion that you wish to import.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_import_key_version_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
defined_tags json_element_t,
freeform_tags json_element_t,
wrapped_import_key dbms_cloud_oci_key_management_wrapped_import_key_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_import_key_version_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_import_key_version_details_t (
defined_tags json_element_t,
freeform_tags json_element_t,
wrapped_import_key dbms_cloud_oci_key_management_wrapped_import_key_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
|
|
(required) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_KEY_REPLICA_DETAILS_T Type
Key replica details
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_key_replica_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
replication_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_replica_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_replica_details_t (
replication_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) ReplicationId associated with a key operation |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_KEY_T Type
The logical entities that represent one or more key versions, each of which contains cryptographic material.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_key_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
current_key_version varchar2(32767),
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
id varchar2(32767),
key_shape dbms_cloud_oci_key_management_key_shape_t,
protection_mode varchar2(32767),
lifecycle_state varchar2(32767),
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_id varchar2(32767),
restored_from_key_id varchar2(32767),
replica_details dbms_cloud_oci_key_management_key_replica_details_t,
is_primary number,
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_t (
compartment_id varchar2,
current_key_version varchar2,
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t,
id varchar2,
key_shape dbms_cloud_oci_key_management_key_shape_t,
protection_mode varchar2,
lifecycle_state varchar2,
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_id varchar2,
restored_from_key_id varchar2,
replica_details dbms_cloud_oci_key_management_key_replica_details_t,
is_primary number,
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains this master encryption key. |
|
|
(required) The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The `currentKeyVersion` property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. |
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(required) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
|
|
(required) The OCID of the key. |
|
|
(required) |
|
|
(optional) The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of `HSM` means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of `SOFTWARE` means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of `SOFTWARE` are performed on the server. By default, a key's protection mode is set to `HSM`. You can't change a key's protection mode after the key is created or imported. A protection mode of `EXTERNAL` mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of `EXTERNAL` are performed by external key manager. Allowed values are: 'HSM', 'SOFTWARE', 'EXTERNAL' |
|
|
(required) The key's current lifecycle state. Example: `ENABLED` Allowed values are: 'CREATING', 'ENABLING', 'ENABLED', 'DISABLING', 'DISABLED', 'DELETING', 'DELETED', 'PENDING_DELETION', 'SCHEDULING_DELETION', 'CANCELLING_DELETION', 'UPDATING', 'BACKUP_IN_PROGRESS', 'RESTORING' |
|
|
(required) The date and time the key was created, expressed in RFC 3339 timestamp format. Example: `2018-04-03T21:10:29.600Z` |
|
|
(optional) An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: `2019-04-03T21:10:29.600Z` |
|
|
(required) The OCID of the vault that contains this key. |
|
|
(optional) The OCID of the key from which this key was restored. |
|
|
(optional) |
|
|
(optional) A Boolean value that indicates whether the Key belongs to primary Vault or replica vault. |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_KEY_SUMMARY_T Type
The details of the Key.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_key_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
id varchar2(32767),
lifecycle_state varchar2(32767),
time_created timestamp with time zone,
vault_id varchar2(32767),
protection_mode varchar2(32767),
algorithm varchar2(32767),
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_summary_t (
compartment_id varchar2,
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t,
id varchar2,
lifecycle_state varchar2,
time_created timestamp with time zone,
vault_id varchar2,
protection_mode varchar2,
algorithm varchar2,
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains the key. |
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(required) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
|
|
(required) The OCID of the key. |
|
|
(required) The key's current lifecycle state. Example: `ENABLED` Allowed values are: 'CREATING', 'ENABLING', 'ENABLED', 'DISABLING', 'DISABLED', 'DELETING', 'DELETED', 'PENDING_DELETION', 'SCHEDULING_DELETION', 'CANCELLING_DELETION', 'UPDATING', 'BACKUP_IN_PROGRESS', 'RESTORING' |
|
|
(required) The date and time the key was created, expressed in RFC 3339 timestamp format. Example: `2018-04-03T21:10:29.600Z` |
|
|
(required) The OCID of the vault that contains the key. |
|
|
(optional) The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of `HSM` means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of `SOFTWARE` means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of `SOFTWARE` are performed on the server. By default, a key's protection mode is set to `HSM`. You can't change a key's protection mode after the key is created or imported. A protection mode of `EXTERNAL` mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of `EXTERNAL` are performed by external key manager. Allowed values are: 'HSM', 'SOFTWARE', 'EXTERNAL' |
|
|
(optional) The algorithm used by a key's key versions to encrypt or decrypt data. Allowed values are: 'AES', 'RSA', 'ECDSA' |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_KEY_VERSION_REPLICA_DETAILS_T Type
KeyVersion replica details
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_key_version_replica_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
replication_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_version_replica_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_version_replica_details_t (
replication_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) ReplicationId associated with a key version operation |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_KEY_VERSION_T Type
The details of the KeyVersion associated with the Key.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_key_version_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
id varchar2(32767),
key_id varchar2(32767),
public_key varchar2(32767),
lifecycle_state varchar2(32767),
origin varchar2(32767),
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_id varchar2(32767),
restored_from_key_version_id varchar2(32767),
replica_details dbms_cloud_oci_key_management_key_version_replica_details_t,
is_primary number,
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_version_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_version_t (
compartment_id varchar2,
id varchar2,
key_id varchar2,
public_key varchar2,
lifecycle_state varchar2,
origin varchar2,
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_id varchar2,
restored_from_key_version_id varchar2,
replica_details dbms_cloud_oci_key_management_key_version_replica_details_t,
is_primary number,
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains this key version. |
|
|
(required) The OCID of the key version. |
|
|
(required) The OCID of the key associated with this key version. |
|
|
(optional) The public key in PEM format. (This value pertains only to RSA and ECDSA keys.) |
|
|
(optional) The key version's current lifecycle state. Example: `ENABLED` Allowed values are: 'CREATING', 'ENABLING', 'ENABLED', 'DISABLING', 'DISABLED', 'DELETING', 'DELETED', 'PENDING_DELETION', 'SCHEDULING_DELETION', 'CANCELLING_DELETION' |
|
|
(optional) The source of the key material. When this value is `INTERNAL`, Key Management created the key material. When this value is `EXTERNAL`, the key material was imported from an external source. Allowed values are: 'INTERNAL', 'EXTERNAL' |
|
|
(required) The date and time this key version was created, expressed in RFC 3339 timestamp format. Example: \"2018-04-03T21:10:29.600Z\" |
|
|
(optional) An optional property indicating when to delete the key version, expressed in RFC 3339 timestamp format. Example: `2019-04-03T21:10:29.600Z` |
|
|
(required) The OCID of the vault that contains this key version. |
|
|
(optional) The OCID of the key version from which this key version was restored. |
|
|
(optional) |
|
|
(optional) A Boolean value that indicates whether the KeyVersion belongs to primary Vault or replica Vault. |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_KEY_VERSION_SUMMARY_T Type
The details of the KeyVersion.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_key_version_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
id varchar2(32767),
key_id varchar2(32767),
lifecycle_state varchar2(32767),
origin varchar2(32767),
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_id varchar2(32767),
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_version_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_key_version_summary_t (
compartment_id varchar2,
id varchar2,
key_id varchar2,
lifecycle_state varchar2,
origin varchar2,
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_id varchar2,
external_key_reference_details dbms_cloud_oci_key_management_external_key_reference_details_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains this key version. |
|
|
(required) The OCID of the key version. |
|
|
(required) The OCID of the master encryption key associated with this key version. |
|
|
(optional) The key version's current lifecycle state. Example: `ENABLED` Allowed values are: 'CREATING', 'ENABLING', 'ENABLED', 'DISABLING', 'DISABLED', 'DELETING', 'DELETED', 'PENDING_DELETION', 'SCHEDULING_DELETION', 'CANCELLING_DELETION' |
|
|
(required) The source of the key material. When this value is INTERNAL, Key Management created the key material. When this value is EXTERNAL, the key material was imported from an external source. Allowed values are: 'INTERNAL', 'EXTERNAL' |
|
|
(required) The date and time this key version was created, expressed in RFC 3339 timestamp format. Example: `2018-04-03T21:10:29.600Z` |
|
|
(optional) An optional property to indicate when to delete the key version, expressed in RFC 3339 timestamp format. Example: `2019-04-03T21:10:29.600Z` |
|
|
(required) The OCID of the vault that contains this key version. |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_REPLICA_DETAILS_T Type
Details of replication status
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_replica_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
l_region varchar2(32767),
status varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_replica_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_replica_details_t (
l_region varchar2,
status varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) The replica region |
|
|
(optional) Replication status associated with a replicationId Allowed values are: 'REPLICATING', 'REPLICATED' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_REPLICA_DETAILS_TBL Type
Nested table type of dbms_cloud_oci_key_management_replica_details_t.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_replica_details_tbl FORCE IS TABLE OF (dbms_cloud_oci_key_management_replica_details_t) NOT PERSISTABLE;DBMS_CLOUD_OCI_KEY_MANAGEMENT_REPLICATION_STATUS_DETAILS_T Type
Details of replication status across all replica regions
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_replication_status_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
replica_details dbms_cloud_oci_key_management_replica_details_tbl,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_replication_status_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_replication_status_details_t (
replica_details dbms_cloud_oci_key_management_replica_details_tbl
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Replica Details. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_RESTORE_KEY_FROM_OBJECT_STORE_DETAILS_T Type
The details of the backup location from which you want to restore the Key.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_restore_key_from_object_store_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
backup_location dbms_cloud_oci_key_management_backup_location_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_restore_key_from_object_store_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_restore_key_from_object_store_details_t (
backup_location dbms_cloud_oci_key_management_backup_location_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_RESTORE_VAULT_FROM_OBJECT_STORE_DETAILS_T Type
The details of the backup location from which you want to restore the Vault.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_restore_vault_from_object_store_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
backup_location dbms_cloud_oci_key_management_backup_location_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_restore_vault_from_object_store_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_restore_vault_from_object_store_details_t (
backup_location dbms_cloud_oci_key_management_backup_location_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_SCHEDULE_KEY_DELETION_DETAILS_T Type
Details for scheduling key deletion.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_schedule_key_deletion_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
time_of_deletion timestamp with time zone,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_schedule_key_deletion_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_schedule_key_deletion_details_t (
time_of_deletion timestamp with time zone
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) An optional property to indicate when to delete the vault, expressed in RFC 3339 timestamp format. The specified time must be between 7 and 30 days from when the request is received. If this property is missing, it will be set to 30 days from the time of the request by default. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_SCHEDULE_KEY_VERSION_DELETION_DETAILS_T Type
Details for scheduling key version deletion.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_schedule_key_version_deletion_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
time_of_deletion timestamp with time zone,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_schedule_key_version_deletion_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_schedule_key_version_deletion_details_t (
time_of_deletion timestamp with time zone
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) An optional property to indicate when to delete the key version, expressed in RFC 3339 timestamp format. The specified time must be between 7 and 30 days from the time when the request is received. If this property is missing, it will be set to 30 days from the time of the request by default. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_SCHEDULE_VAULT_DELETION_DETAILS_T Type
Details for scheduling vault deletion.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_schedule_vault_deletion_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
time_of_deletion timestamp with time zone,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_schedule_vault_deletion_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_schedule_vault_deletion_details_t (
time_of_deletion timestamp with time zone
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) An optional property indicating when to delete the vault, expressed in RFC 3339 timestamp format. The specified time must be between 7 and 30 days from the time when the request is received. If this property is missing, it will be set to 30 days from the time of the request by default. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_SIGN_DATA_DETAILS_T Type
The details of the message that you want to sign.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_sign_data_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
message varchar2(32767),
key_id varchar2(32767),
key_version_id varchar2(32767),
message_type varchar2(32767),
signing_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_sign_data_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_sign_data_details_t (
message varchar2,
key_id varchar2,
key_version_id varchar2,
message_type varchar2,
signing_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest. |
|
|
(required) The OCID of the key used to sign the message. |
|
|
(optional) The OCID of the key version used to sign the message. |
|
|
(optional) Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`. Allowed values are: 'RAW', 'DIGEST' |
|
|
(required) The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest. Allowed values are: 'SHA_224_RSA_PKCS_PSS', 'SHA_256_RSA_PKCS_PSS', 'SHA_384_RSA_PKCS_PSS', 'SHA_512_RSA_PKCS_PSS', 'SHA_224_RSA_PKCS1_V1_5', 'SHA_256_RSA_PKCS1_V1_5', 'SHA_384_RSA_PKCS1_V1_5', 'SHA_512_RSA_PKCS1_V1_5', 'ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_SIGNED_DATA_T Type
The response to a request to sign the message.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_signed_data_t FORCE AUTHID CURRENT_USER IS OBJECT (
key_id varchar2(32767),
key_version_id varchar2(32767),
signature varchar2(32767),
signing_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_signed_data_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_signed_data_t (
key_id varchar2,
key_version_id varchar2,
signature varchar2,
signing_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the key used to sign the message. |
|
|
(required) The OCID of the key version used to sign the message. |
|
|
(required) The base64-encoded binary data object denoting the cryptographic signature generated for the message or message digest. |
|
|
(required) The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest. Allowed values are: 'SHA_224_RSA_PKCS_PSS', 'SHA_256_RSA_PKCS_PSS', 'SHA_384_RSA_PKCS_PSS', 'SHA_512_RSA_PKCS_PSS', 'SHA_224_RSA_PKCS1_V1_5', 'SHA_256_RSA_PKCS1_V1_5', 'SHA_384_RSA_PKCS1_V1_5', 'SHA_512_RSA_PKCS1_V1_5', 'ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_UPDATE_EKMS_PRIVATE_ENDPOINT_DETAILS_T Type
Information needed to modify EKMS private endpoint resource
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_update_ekms_private_endpoint_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
display_name varchar2(32767),
freeform_tags json_element_t,
defined_tags json_element_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_update_ekms_private_endpoint_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_update_ekms_private_endpoint_details_t (
display_name varchar2,
freeform_tags json_element_t,
defined_tags json_element_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Display name of EKMS private endpoint resource. |
|
|
(optional) Simple key-value pair that is applied without any predefined name, type or scope. Exists for cross-compatibility only. Example: `{\"bar-key\": \"value\"}` |
|
|
(optional) Usage of predefined tag keys. These predefined keys are scoped to namespaces. Example: `{\"foo-namespace\": {\"bar-key\": \"value\"}}` |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_UPDATE_KEY_DETAILS_T Type
The details of the Key that you wish to update.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_update_key_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_update_key_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_update_key_details_t (
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(optional) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_UPDATE_VAULT_DETAILS_T Type
The details of the Vault that you wish to update.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_update_vault_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_update_vault_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_update_vault_details_t (
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(optional) A user-friendly name for the vault. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VAULT_REPLICA_DETAILS_T Type
Vault replica details
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_vault_replica_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
replication_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_replica_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_replica_details_t (
replication_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) ReplicationId associated with a vault operation |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VAULT_T Type
The logical entity where the Vault service creates and durably stores keys.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_vault_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
crypto_endpoint varchar2(32767),
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
id varchar2(32767),
lifecycle_state varchar2(32767),
management_endpoint varchar2(32767),
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_type varchar2(32767),
restored_from_vault_id varchar2(32767),
wrappingkey_id varchar2(32767),
replica_details dbms_cloud_oci_key_management_vault_replica_details_t,
is_primary number,
external_key_manager_metadata_summary dbms_cloud_oci_key_management_external_key_manager_metadata_summary_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_t (
compartment_id varchar2,
crypto_endpoint varchar2,
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t,
id varchar2,
lifecycle_state varchar2,
management_endpoint varchar2,
time_created timestamp with time zone,
time_of_deletion timestamp with time zone,
vault_type varchar2,
restored_from_vault_id varchar2,
wrappingkey_id varchar2,
replica_details dbms_cloud_oci_key_management_vault_replica_details_t,
is_primary number,
external_key_manager_metadata_summary dbms_cloud_oci_key_management_external_key_manager_metadata_summary_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains this vault. |
|
|
(required) The service endpoint to perform cryptographic operations against. Cryptographic operations include Encrypt, Decrypt, and GenerateDataEncryptionKey operations. |
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(required) A user-friendly name for the vault. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
|
|
(required) The OCID of the vault. |
|
|
(required) The vault's current lifecycle state. Example: `DELETED` Allowed values are: 'CREATING', 'ACTIVE', 'DELETING', 'DELETED', 'PENDING_DELETION', 'SCHEDULING_DELETION', 'CANCELLING_DELETION', 'UPDATING', 'BACKUP_IN_PROGRESS', 'RESTORING' |
|
|
(required) The service endpoint to perform management operations against. Management operations include \"Create,\" \"Update,\" \"List,\" \"Get,\" and \"Delete\" operations. |
|
|
(required) The date and time this vault was created, expressed in RFC 3339 timestamp format. Example: `2018-04-03T21:10:29.600Z` |
|
|
(optional) An optional property to indicate when to delete the vault, expressed in RFC 3339 timestamp format. Example: `2018-04-03T21:10:29.600Z` |
|
|
(required) The type of vault. Each type of vault stores the key with different degrees of isolation and has different options and pricing. Allowed values are: 'VIRTUAL_PRIVATE', 'DEFAULT', 'EXTERNAL' |
|
|
(optional) The OCID of the vault from which this vault was restored, if it was restored from a backup file. If you restore a vault to the same region, the vault retains the same OCID that it had when you backed up the vault. |
|
|
(required) The OCID of the vault's wrapping key. |
|
|
(optional) |
|
|
(optional) A Boolean value that indicates whether the Vault is primary Vault or replica Vault. |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VAULT_REPLICA_SUMMARY_T Type
Summary of vault replicas
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_vault_replica_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
crypto_endpoint varchar2(32767),
management_endpoint varchar2(32767),
l_region varchar2(32767),
status varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_replica_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_replica_summary_t (
crypto_endpoint varchar2,
management_endpoint varchar2,
l_region varchar2,
status varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(optional) The vault replica's crypto endpoint |
|
|
(optional) The vault replica's management endpoint |
|
|
(optional) Region to which vault is replicated to |
|
|
(optional) Status of the Vault Allowed values are: 'CREATING', 'CREATED', 'DELETING', 'DELETED' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VAULT_SUMMARY_T Type
The details of the Vault.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_vault_summary_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
crypto_endpoint varchar2(32767),
defined_tags json_element_t,
display_name varchar2(32767),
freeform_tags json_element_t,
id varchar2(32767),
lifecycle_state varchar2(32767),
management_endpoint varchar2(32767),
time_created timestamp with time zone,
vault_type varchar2(32767),
external_key_manager_metadata_summary dbms_cloud_oci_key_management_external_key_manager_metadata_summary_t,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_summary_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_summary_t (
compartment_id varchar2,
crypto_endpoint varchar2,
defined_tags json_element_t,
display_name varchar2,
freeform_tags json_element_t,
id varchar2,
lifecycle_state varchar2,
management_endpoint varchar2,
time_created timestamp with time zone,
vault_type varchar2,
external_key_manager_metadata_summary dbms_cloud_oci_key_management_external_key_manager_metadata_summary_t
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains a particular vault. |
|
|
(required) The service endpoint to perform cryptographic operations against. Cryptographic operations include Encrypt, Decrypt, and GenerateDataEncryptionKey operations. |
|
|
(optional) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: `{\"Operations\": {\"CostCenter\": \"42\"}}` |
|
|
(required) A user-friendly name for a vault. It does not have to be unique, and it is changeable. Avoid entering confidential information. |
|
|
(optional) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: `{\"Department\": \"Finance\"}` |
|
|
(required) The OCID of a vault. |
|
|
(required) A vault's current lifecycle state. Example: `ACTIVE` Allowed values are: 'CREATING', 'ACTIVE', 'DELETING', 'DELETED', 'PENDING_DELETION', 'SCHEDULING_DELETION', 'CANCELLING_DELETION', 'UPDATING', 'BACKUP_IN_PROGRESS', 'RESTORING' |
|
|
(required) The service endpoint to perform management operations against. Management operations include \"Create,\" \"Update,\" \"List,\" \"Get,\" and \"Delete\" operations. |
|
|
(required) The date and time a vault was created, expressed in RFC 3339 timestamp format. Example: `2018-04-03T21:10:29.600Z` |
|
|
(required) The type of vault. Each type of vault stores keys with different degrees of isolation and has different options and pricing. Allowed values are: 'VIRTUAL_PRIVATE', 'EXTERNAL', 'DEFAULT' |
|
|
(optional) |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VAULT_USAGE_T Type
The details of the number of Keys and KeyVersions usage in a Vault.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_vault_usage_t FORCE AUTHID CURRENT_USER IS OBJECT (
key_count number,
key_version_count number,
software_key_count number,
software_key_version_count number,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_usage_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_vault_usage_t (
key_count number,
key_version_count number,
software_key_count number,
software_key_version_count number
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The number of keys in this vault that persist on a hardware security module (HSM), across all compartments, excluding keys in a `DELETED` state. |
|
|
(required) The number of key versions in this vault that persist on a hardware security module (HSM), across all compartments, excluding key versions in a `DELETED` state. |
|
|
(optional) The number of keys in this vault that persist on the server, across all compartments, excluding keys in a `DELETED` state. |
|
|
(optional) The number of key versions in this vault that persist on the server, across all compartments, excluding key versions in a `DELETED` state. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VERIFIED_DATA_T Type
The response to a request to verify the message.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_verified_data_t FORCE AUTHID CURRENT_USER IS OBJECT (
is_signature_valid number,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_verified_data_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_verified_data_t (
is_signature_valid number
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) A Boolean value that indicates whether the signature was verified. |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_VERIFY_DATA_DETAILS_T Type
The details of the message that you want to verify.
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_verify_data_details_t FORCE AUTHID CURRENT_USER IS OBJECT (
key_id varchar2(32767),
key_version_id varchar2(32767),
signature varchar2(32767),
message_type varchar2(32767),
message varchar2(32767),
signing_algorithm varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_verify_data_details_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_verify_data_details_t (
key_id varchar2,
key_version_id varchar2,
signature varchar2,
message_type varchar2,
message varchar2,
signing_algorithm varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the key used to sign the message. |
|
|
(required) The OCID of the key version used to sign the message. |
|
|
(required) The base64-encoded binary data object denoting the cryptographic signature generated for the message. |
|
|
(optional) Denotes whether the value of the message parameter is a raw message or a message digest. The default value, `RAW`, indicates a message. To indicate a message digest, use `DIGEST`. Allowed values are: 'RAW', 'DIGEST' |
|
|
(required) The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest. |
|
|
(required) The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest. Allowed values are: 'SHA_224_RSA_PKCS_PSS', 'SHA_256_RSA_PKCS_PSS', 'SHA_384_RSA_PKCS_PSS', 'SHA_512_RSA_PKCS_PSS', 'SHA_224_RSA_PKCS1_V1_5', 'SHA_256_RSA_PKCS1_V1_5', 'SHA_384_RSA_PKCS1_V1_5', 'SHA_512_RSA_PKCS1_V1_5', 'ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512' |
DBMS_CLOUD_OCI_KEY_MANAGEMENT_WRAPPING_KEY_T Type
The public RSA wrapping key associated with the vault
Syntax
CREATE OR REPLACE NONEDITIONABLE TYPE dbms_cloud_oci_key_management_wrapping_key_t FORCE AUTHID CURRENT_USER IS OBJECT (
compartment_id varchar2(32767),
id varchar2(32767),
lifecycle_state varchar2(32767),
public_key varchar2(32767),
time_created timestamp with time zone,
vault_id varchar2(32767),
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_wrapping_key_t
RETURN SELF AS RESULT,
CONSTRUCTOR FUNCTION dbms_cloud_oci_key_management_wrapping_key_t (
compartment_id varchar2,
id varchar2,
lifecycle_state varchar2,
public_key varchar2,
time_created timestamp with time zone,
vault_id varchar2
) RETURN SELF AS RESULT
) NOT PERSISTABLE;Fields
| Field | Description |
|---|---|
|
|
(required) The OCID of the compartment that contains this key. |
|
|
(required) The OCID of the key. |
|
|
(required) The key's current lifecycle state. Example: `ENABLED` Allowed values are: 'CREATING', 'ENABLING', 'ENABLED', 'DISABLING', 'DISABLED', 'DELETING', 'DELETED', 'PENDING_DELETION', 'SCHEDULING_DELETION', 'CANCELLING_DELETION', 'UPDATING', 'BACKUP_IN_PROGRESS', 'RESTORING' |
|
|
(required) The public key, in PEM format, to use to wrap the key material before importing it. |
|
|
(required) The date and time the key was created, expressed in RFC 3339 timestamp format. Example: `2018-04-03T21:10:29.600Z` |
|
|
(required) The OCID of the vault that contains this key. |