Table: oci_kms_vault - Query OCI Key Management Vaults using SQL
OCI Key Management service is a fully managed service that provides centralized key management capabilities, enabling you to manage the entire lifecycle of keys and their associated cryptographic operations. It allows you to create, import, use, rotate, disable, and delete symmetric and asymmetric keys. It also provides centralized key management, key lifecycle management, and cryptographic operations.
Table Usage Guide
The oci_kms_vault table provides insights into Key Management Vaults within Oracle Cloud Infrastructure (OCI). As a security administrator, explore vault-specific details through this table, including the vault type, lifecycle state, and associated metadata. Utilize it to uncover information about vaults, such as those in a particular lifecycle state, the cryptographic endpoint for vaults, and the time of vault creation.
Examples
Basic info
Explore which key management vaults are currently active and when they were created. This can help in tracking the lifecycle of your vaults and assessing their configuration for better security management.
select
  id,
  display_name,
  lifecycle_state,
  time_created,
  crypto_endpoint,
  management_endpoint,
  vault_type
from
  oci_kms_vault;
List inactive vaults
Analyze the settings to understand which security vaults are not currently active. This is useful for identifying potential areas of resource optimization and ensuring all inactive vaults are intended to be so.
select
  id,
  display_name,
  lifecycle_state,
  vault_type
from
  oci_kms_vault
where
  lifecycle_state <> 'ACTIVE';
List virtual private vaults
Explore which key management systems are of the 'virtual private' type to understand the security measures taken in your organization. This can help in assessing the elements within your security infrastructure that are designed for exclusive access.
select
  id,
  display_name,
  vault_type
from
  oci_kms_vault
where
  vault_type = 'VIRTUAL_PRIVATE';
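A further query for reviewing vaults that carry a scheduled deletion time, soonest first, so each pending deletion can be confirmed as intended while it can still be cancelled. This is an added example, not part of the original Steampipe documentation; it uses only columns from the schema below and assumes the default Postgres engine and that 'DELETED' is the lifecycle state value of a vault that is already gone.

```sql
-- Added example (not from the original page).
-- Lists every vault with a deletion time set, with the time left
-- before deletion and whether the vault was restored from a backup.
select
  display_name,
  id,
  compartment_id,
  region,
  vault_type,
  lifecycle_state,
  time_of_deletion,
  -- Postgres interval; negative if the deletion time has already passed
  time_of_deletion - now() as time_remaining,
  -- true when the vault was itself created by restoring a backup
  restored_from_vault_id is not null as restored_from_backup
from
  oci_kms_vault
where
  time_of_deletion is not null
  -- assumption: 'DELETED' marks vaults that no longer exist
  and lifecycle_state <> 'DELETED'
order by
  time_of_deletion;
```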
Schema for oci_kms_vault
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
crypto_endpoint | text | | The service endpoint to perform cryptographic operations against. |
defined_tags | jsonb | | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
display_name | text | | A user-friendly name. Does not have to be unique, and it's changeable. |
freeform_tags | jsonb | | Free-form tags for resource. These tags can be applied by any user with permissions on the resource. |
id | text | = | The OCID of a vault. |
lifecycle_state | text | | A vault's current lifecycle state. |
management_endpoint | text | | The service endpoint to perform management operations against. |
region | text | | The OCI region in which the resource is located. |
restored_from_vault_id | text | | The OCID of the vault from which this vault was restored, if it was restored from a backup file. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
tags | jsonb | | A map of tags for the resource. |
tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
tenant_name | text | | The name of the Tenant in which the resource is located. |
time_created | timestamp with time zone | | The date and time a vault was created. |
time_of_deletion | timestamp with time zone | | An optional property to indicate when to delete the vault. |
title | text | | Title of the resource. |
vault_type | text | | The type of vault. Each type of vault stores keys with different degrees of isolation and has different options and pricing. |
wrappingkey_id | text | | The OCID of the vault's wrapping key. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci
You can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_kms_vault