Autonomous Database on Dedicated Infrastructure supports customer-managed encryption (CME)
keys for enhanced security control. The correct vaults are:
Oracle Key Vault, Oracle Cloud Infrastructure Vault (D):
Oracle Key Vault (OKV): A centralized key management solution designed for Oracle environments,
OKV securely stores and manages encryption keys. It integrates with Autonomous Database to
provide customer-managed TDE (Transparent Data Encryption) keys, offering features like key
rotation and auditing. For example, a DBA might upload a master encryption key to OKV, which the
database then uses to encrypt data at rest.
Oracle Cloud Infrastructure Vault (OCI Vault): OCI Vault is a general-purpose secrets management
service in OCI, capable of storing encryption keys, passwords, and other sensitive data. It supports
storing TDE keys for Autonomous Database, providing a cloud-native option with high availability and
scalability. You might store a key in OCI Vault and link it to your database via the OCI console.
The incorrect options are:
Oracle Audit Vault, Oracle Key Vault (A): Oracle Audit Vault is for audit log management and analysis,
not key storage. It doesn’t support CME for Autonomous Database.
Oracle Cloud Infrastructure Vault, Oracle Database Vault (B): Oracle Database Vault enforces access
controls within the database but isn’t a key storage vault; it’s about privilege management, not key
management.
Oracle Database Vault, Oracle Key Vault (C): As above, Database Vault isn’t a key storage solution,
making this pairing incorrect.
Both OKV and OCI Vault offer robust security for CME, giving customers flexibility based on their
infrastructure p
