Intro

OCI offers a rich set of powerful features, and one that truly stands out is the OCI Marketplace images. As a DBA, I find them incredibly valuable – they significantly reduce the time and effort required to deploy software. Instead of spending hours on manual installations, we can leverage these pre-built, ready-to-use images to get up and running quickly. This allows us to focus more on configuration, performance tuning, and business requirements rather than initial setup.

Purpose of Oracle Key Vault (OKV) Marketplace Images

The Oracle Key Vault (OKV) Marketplace image is a perfect example of how OCI simplifies enterprise deployments. Here’s what it brings to the table:

1. Simplified Deployment

• Rapid provisioning of Oracle Key Vault with just a few clicks.
• Eliminates the need for manual OS-level setup and installation tasks.

2. Centralized & Secure Key Management

• Provides a centralized platform for managing encryption keys, Oracle Wallets, and database credential files.
• Ideal for use cases like Transparent Data Encryption (TDE), Oracle Wallet handling, and secure credential storage.

3. OCI-Optimized Configuration

• The image is pre-configured and certified to run efficiently on OCI Compute shapes.
• Fully compatible with OCI networking, storage, and monitoring services.

4. High Availability and Disaster Recovery (HA/DR) Support

• Easily set up a multi-master OKV cluster to ensure availability and redundancy.
• Supports robust DR architectures to protect key management infrastructure.

In this article, I’ll walk through the steps to deploy Oracle Key Vault using an OCI Marketplace image, demonstrating how quickly and efficiently this critical security component can be set up in the cloud.

You can pick the OKV image from the OCI marketplace as mentioned below.

There are a few steps we need to configure.

1. Select the availability zone.
2. Select Capacity

Select an availability zone.

Select the capacity requirement for OKV.

Select the VCN for OKV deployment.

Add the SSH key, which enables access to the OKV instance.

Select the boot volume

Once the settings are in place, you can get the associate price for this OKV instance.

Estimated cost for OKV.

Once the instance is created successfully, you will see the message ” succeeded.”

Activating this is quite simple – just connect as opc, switch to root, and run the set_password script. Once completed, everything will be ready for login

You are logged in as the 'opc' user.

'opc' is a temporary user used to set the root and support user passwords.
Once the passwords are set successfully, the 'opc' user will be deleted and
login to the Oracle Key Vault(OKV) instance using SSH will be turned off.
You can re-enable login to the OKV instance using SSH from the OKV management
console and login as the 'support' user.


Run the command below to set the root and support user passwords.

$ set_password

Next, login to the OKV management console to complete the post-install tasks.



[opc@okv-test ~]$ set_password
Setting root password

Set root password:

A valid password is required.

************************************************************
Password Conditions:
- Password must have between 15 and 30 characters.
- Password must contain the following:
    at least one lower case character [a-z]
    at least one upper case character [A-Z]
    at least one digit [0-9]
    at least one punctuation [.,+:_!]
- Password may contain a space character " ",
    but not in the first or last location of the password.
- Password must not contain same character repeating
    consecutively more than 3 times.
- Password must not contain more than 4 characters
    of the same class consecutively.
************************************************************

Set root password:

Once you’ve set the root password, you can use it for the initial root login.

Set up roles and users for OKV.

There are 3 different roles in OKV. 

• Admin
• System Administrator
• Audit Manager

Alternatively, you can use the same account for all these roles. For this configuration, I will use a single account.

Once everything is configured, this is how the dashboard will appear when you log in to OKV.

Conclusion

In conclusion, OCI Marketplace images, including Oracle Key Vault, significantly simplify cloud deployments by providing secure, preconfigured, and optimized environments. This approach reduces risk, improves consistency, and allows DBAs and architects to dedicate their efforts to tuning, governance, and supporting business-critical workloads.