steampipe plugin install oci

Table: oci_kms_vault - Query OCI Key Management Vaults using SQL

OCI Key Management is a fully managed service for centralized key management, covering the entire lifecycle of keys and their associated cryptographic operations. It allows you to create, import, use, rotate, disable, and delete symmetric and asymmetric keys.

Table Usage Guide

The oci_kms_vault table provides insights into Key Management Vaults within Oracle Cloud Infrastructure (OCI). As a security administrator, explore vault-specific details through this table, including the vault type, lifecycle state, and associated metadata. Utilize it to uncover information about vaults, such as those in a particular lifecycle state, the cryptographic endpoint for vaults, and the time of vault creation.

Examples

Basic info

List each key management vault with its lifecycle state, creation time, endpoints, and type. This can help in tracking the lifecycle of your vaults and assessing their configuration for better security management.

select
  id,
  display_name,
  lifecycle_state,
  time_created,
  crypto_endpoint,
  management_endpoint,
  vault_type
from
  oci_kms_vault;

List inactive vaults

Identify vaults whose lifecycle state is anything other than ACTIVE. This is useful for identifying potential areas of resource optimization and ensuring all inactive vaults are intended to be so.

select
  id,
  display_name,
  lifecycle_state,
  vault_type
from
  oci_kms_vault
where
  lifecycle_state <> 'ACTIVE';

List virtual private vaults

Explore which key management systems are of the 'virtual private' type to understand the security measures taken in your organization. This can help in assessing the elements within your security infrastructure that are designed for exclusive access.

select
  id,
  display_name,
  vault_type
from
  oci_kms_vault
where
  vault_type = 'VIRTUAL_PRIVATE';
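
The query below is an added example, not one of the plugin's published queries. It combines the table's lifecycle_state, time_of_deletion, and restored_from_vault_id columns into a single review worklist, written in PostgreSQL syntax; the review_reason and days_until_deletion output names are chosen here for illustration.

```sql
-- Added example: vaults that warrant a closer look, using only columns
-- from the oci_kms_vault schema. review_reason and days_until_deletion
-- are illustrative output names, not plugin columns.
with flagged as (
  select
    id,
    display_name,
    region,
    compartment_id,
    vault_type,
    lifecycle_state,
    time_of_deletion,
    restored_from_vault_id,
    case
      -- A deletion time is set: confirm the removal is intended.
      when time_of_deletion is not null then 'scheduled for deletion'
      -- Any state other than ACTIVE: same test as the inactive-vault query.
      when lifecycle_state <> 'ACTIVE' then 'not active'
      -- Restored vaults: confirm the source vault and the restore were expected.
      when restored_from_vault_id is not null then 'restored from backup'
    end as review_reason
  from
    oci_kms_vault
)
select
  display_name,
  id,
  region,
  compartment_id,
  vault_type,
  lifecycle_state,
  review_reason,
  time_of_deletion,
  -- Whole days remaining until the scheduled deletion time (null if none is set).
  extract(day from time_of_deletion - now()) as days_until_deletion,
  restored_from_vault_id
from
  flagged
where
  review_reason is not null
order by
  time_of_deletion nulls last,
  display_name;
```

A vault matches only the first reason that applies, so the soonest scheduled deletions sort to the top of the result.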

Schema for oci_kms_vault

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
| crypto_endpoint | text | | The service endpoint to perform cryptographic operations against. |
| defined_tags | jsonb | | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
| display_name | text | | A user-friendly name. Does not have to be unique, and it's changeable. |
| freeform_tags | jsonb | | Free-form tags for resource. These tags can be applied by any user with permissions on the resource. |
| id | text | = | The OCID of a vault. |
| lifecycle_state | text | | A vault's current lifecycle state. |
| management_endpoint | text | | The service endpoint to perform management operations against. |
| region | text | | The OCI region in which the resource is located. |
| restored_from_vault_id | text | | The OCID of the vault from which this vault was restored, if it was restored from a backup file. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | A map of tags for the resource. |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
| tenant_name | text | | The name of the Tenant in which the resource is located. |
| time_created | timestamp with time zone | | The date and time a vault was created. |
| time_of_deletion | timestamp with time zone | | An optional property to indicate when to delete the vault. |
| title | text | | Title of the resource. |
| vault_type | text | | The type of vault. Each type of vault stores keys with different degrees of isolation and has different options and pricing. |
| wrappingkey_id | text | | The OCID of the vault's wrapping key. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_kms_vault