diff --git a/database/advanced/key-vault/images/Screenshot_2025-10-07_23.29.07.png b/database/advanced/key-vault/images/Screenshot_2025-10-07_23.29.07.png
index b8556b3c..fe6f931b 100644
Binary files a/database/advanced/key-vault/images/Screenshot_2025-10-07_23.29.07.png and b/database/advanced/key-vault/images/Screenshot_2025-10-07_23.29.07.png differ
diff --git a/database/advanced/key-vault/images/Screenshot_2025-10-07_23.39.39.png b/database/advanced/key-vault/images/Screenshot_2025-10-07_23.39.39.png
index 88a30814..60efbcc1 100644
Binary files a/database/advanced/key-vault/images/Screenshot_2025-10-07_23.39.39.png and b/database/advanced/key-vault/images/Screenshot_2025-10-07_23.39.39.png differ
diff --git a/database/advanced/key-vault/key-vault-Lab10.md b/database/advanced/key-vault/key-vault-Lab10.md
index ce470754..b2af4ef6 100644
--- a/database/advanced/key-vault/key-vault-Lab10.md
+++ b/database/advanced/key-vault/key-vault-Lab10.md
@@ -45,7 +45,7 @@ This lab builds on concepts and operations from lab 9. Complete lab 9 first befo
````
sqlplus / as sysdba
- ADMINISTER KEY MANAGEMENT SET KEY FORCE KEYSTORE IDENTIFIED BY EXTERNAL STORE;
+ ADMINISTER KEY MANAGEMENT SET KEY FORCE KEYSTORE IDENTIFIED BY EXTERNAL STORE CONTAINER = ALL;
exit;
````
@@ -67,4 +67,9 @@ This lab builds on concepts and operations from lab 9. Complete lab 9 first befo
```
- 
\ No newline at end of file
+ 
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Daniel Wu, Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab11.md b/database/advanced/key-vault/key-vault-Lab11.md
index 33978ac3..396cdf31 100644
--- a/database/advanced/key-vault/key-vault-Lab11.md
+++ b/database/advanced/key-vault/key-vault-Lab11.md
@@ -14,7 +14,7 @@ This lab builds on concepts and operations from lab 10. Complete lab 10 first be
## Task 1: Generate a key external to Oracle Key Vault
-1. Write your key to a file
+1. Write your key to a file
In this example, we use openssl to generate TDE Master Encryption Key. You can use other means to generate this key.
@@ -27,7 +27,7 @@ This lab builds on concepts and operations from lab 10. Complete lab 10 first be
## Task 2: Upload the key to Oracle Key Vault
-1. Log in to Key Vault as user **KVRESTADMIN**
+1. Log in to Key Vault as user **KVRESTADMIN**
Get the password of KVRESTADMIN by executing this command
@@ -94,4 +94,9 @@ This lab builds on concepts and operations from lab 10. Complete lab 10 first be
```
- 
\ No newline at end of file
+ 
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab12.md b/database/advanced/key-vault/key-vault-Lab12.md
index 57fb4629..1f7498ff 100644
--- a/database/advanced/key-vault/key-vault-Lab12.md
+++ b/database/advanced/key-vault/key-vault-Lab12.md
@@ -290,3 +290,8 @@ A Key Vault cluster provides continuous availability of your keys to ensure unin
This section highlights how many read-write pairs are part of the cluster as well as the cluster service status. For now, there is just one node that we setup.
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab4.md b/database/advanced/key-vault/key-vault-Lab4.md
index b0ea2fec..a887bcf0 100644
--- a/database/advanced/key-vault/key-vault-Lab4.md
+++ b/database/advanced/key-vault/key-vault-Lab4.md
@@ -27,25 +27,30 @@ cd $DBSEC_LABS/okv
The script will display the output:
1. The system parameters controlling the behavior of TDE in your database:
-- The default algorithm is AES256
-- Newly created tablespaces will be encrypted by default
-- The database uses a file-based wallet
-- Root directory of the database wallet, <WALLET\_ROOT>. TDE wallets are located at <WALLET\_ROOT>/tde.
+ - The default algorithm is AES256
+ - Newly created tablespaces will be encrypted by default
+ - The database uses a file-based wallet
+ - Root directory of the database wallet, <WALLET\_ROOT>. TDE wallets are located at <WALLET\_ROOT>/tde.
-
+ 
2. The file-based wallet is open, and the database can use the master keys from the wallet for TDE operations. The PDB does not show a wallet location because the database is using united mode PDBs, and the PDBs inherit their location from CDB$ROOT.
-
+ 
3. The identifier and creation time of the TDE master encryption key used by the CDB and PDB
-
+ 
4. A list of encrypted tablespaces
-
+ 
5. A list of encrypted RMAN backups
-
+ 
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab5.md b/database/advanced/key-vault/key-vault-Lab5.md
index 3ba3f183..78976375 100644
--- a/database/advanced/key-vault/key-vault-Lab5.md
+++ b/database/advanced/key-vault/key-vault-Lab5.md
@@ -13,7 +13,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
## Task 1: Enroll the incoming Oracle database into Oracle Key Vault
-1. Refresh the browser window on the right side of the remote desktop and log in to Key Vault as user **KVEPADMIN**
+1. Refresh the browser window on the right side of the remote desktop and log in to Key Vault as user **KVEPADMIN**
For the password, execute the following command
@@ -31,7 +31,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
-3. Provide the endpoint details and click **Register** to create the new endpoint
+3. Provide the endpoint details and click **Register** to create the new endpoint
We recommend using LIVELABS\_DB\_EP for the **Endpoint Name**
```plaintext
@@ -49,11 +49,11 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
-4. Click the newly created endpoint **LIVELABS\_DB\_EP** to see its details
+4. Click the newly created endpoint **LIVELABS\_DB\_EP** to see its details
-5. Add **LIVELABS\_DB\_WALLET** as the **Default Wallet** on the endpoint details page and click **Save**
+5. Add **LIVELABS\_DB\_WALLET** as the **Default Wallet** on the endpoint details page and click **Save**
By setting up a *default wallet*, all new keys of the database will be a part of this wallet.
@@ -65,11 +65,11 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
-6. Verify that the permissions of the default wallet (LIVELABS\_DB\_WALLET) are set to 'Read, Write, Manage Wallet' by checking the **Access to Wallets** section of this page
+6. Verify that the permissions of the default wallet (LIVELABS\_DB\_WALLET) are set to 'Read, Write, Manage Wallet' by checking the **Access to Wallets** section of this page
-7. Click on the **Endpoints** tab and copy the **Enrollment Token** for **LIVELABS\_DB\_EP**
+7. Click on the **Endpoints** tab and copy the **Enrollment Token** for **LIVELABS\_DB\_EP**
@@ -79,21 +79,21 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
## Task 2: Download the Oracle Key Vault client software for this database
-1. On the database host, go to the Key Vault login page, and click on **Endpoint Enrollment and Software Download**
+1. On the database host, go to the Key Vault login page, and click on **Endpoint Enrollment and Software Download**
-2. Paste the Enrollment Token copied in step 7 of Task 1 and click **Submit Token**. You will see the endpoint details automatically populated.
+2. Paste the Enrollment Token copied in step 7 of Task 1 and click **Submit Token**. You will see the endpoint details automatically populated.
-3. Click **Enroll** to download the "okvclient.jar" file. The file is downloaded to your database host.
+3. Click **Enroll** to download the "okvclient.jar" file. The file is downloaded to your database host.
## Task 3: Deploy the Oracle Key Vault client software on the database host
-1. Set up the Key Vault endpoint home. This is the root directory for the endpoint software. Setting **OKV_HOME** allows Key Vault utilities and libraries to locate the endpoint software and configuration files.
+1. Set up the Key Vault endpoint home. This is the root directory for the endpoint software. Setting **OKV_HOME** allows Key Vault utilities and libraries to locate the endpoint software and configuration files.
```
@@ -101,7 +101,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
```
-2. Install the Key Vault software. This prompts for the endpoint connection password. We will call this the "Key Vault endpoint password".
+2. Install the Key Vault software. This prompts for the endpoint connection password. We will call this the "Key Vault endpoint password".
This is a one time step, and the installation software (okvclient.jar) is automatically deleted after a successful installation.
@@ -115,7 +115,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
-3. Review the layout of the Key Vault endpoint home
+3. Review the layout of the Key Vault endpoint home
```
@@ -125,7 +125,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
-4. Deploy the Key Vault library (liborapkcs.so) used by the database to communicate with Key Vault
+4. Deploy the Key Vault library (liborapkcs.so) used by the database to communicate with Key Vault
```
@@ -137,7 +137,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
## Task 4: Preparing the database for Oracle Key Vault migration
-1. Update the TDE configuration of the database to OKV|FILE
+1. Update the TDE configuration of the database to OKV|FILE
```
@@ -151,7 +151,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
## Task 5: Migrate the database to Oracle Key Vault for centralized key management
-1. Migrate the database to use Key Vault
+1. Migrate the database to use Key Vault
Use the same password for the Key Vault endpoint as used in step 2 of Task 3
@@ -178,7 +178,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
-2. Migration is always a re-key (key rotation) operation. A new key is generated in Key Vault, and the data encryption keys are re-wrapped with this new key in Key Vault. For a multi-tenant database with CDB$ROOT and one PDB, two keys are created: one for CDB$ROOT and one for PDB1.
+2. Migration is always a re-key (key rotation) operation. A new key is generated in Key Vault, and the data encryption keys are re-wrapped with this new key in Key Vault. For a multi-tenant database with CDB$ROOT and one PDB, two keys are created: one for CDB$ROOT and one for PDB1.
Enter the Key Vault endpoint password when prompted.
@@ -190,7 +190,7 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
-3. Verify the database configuration post-migration to Key Vault
+3. Verify the database configuration post-migration to Key Vault
```
@@ -202,4 +202,9 @@ This lab builds on concepts and operations from lab 4. Complete lab 4 first befo
- In the TDE configuration parameters, the KEYSTORE_CONFIGURATION now says OKV|FILE
- In the wallet status, you'll see the wallet of type OKV is open
- 
\ No newline at end of file
+ 
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab6.md b/database/advanced/key-vault/key-vault-Lab6.md
index 65c85951..0d4243ac 100644
--- a/database/advanced/key-vault/key-vault-Lab6.md
+++ b/database/advanced/key-vault/key-vault-Lab6.md
@@ -25,7 +25,7 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
````
- 
+ 
2. Set the TDE_CONFIGURATION of the database to "OKV"
@@ -37,7 +37,7 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
````
- 
+ 
3. To ensure security, delete the local TDE wallet from <WALLET_ROOT>/tde
@@ -48,4 +48,9 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
````
- 
+ 
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab7.md b/database/advanced/key-vault/key-vault-Lab7.md
index e360eb1f..26a8e5eb 100644
--- a/database/advanced/key-vault/key-vault-Lab7.md
+++ b/database/advanced/key-vault/key-vault-Lab7.md
@@ -23,7 +23,7 @@ This lab builds on concepts and operations from lab 6. Complete lab 6 first befo
````
- 
+ 
2. Update the Transparent Data Encryption (TDE) configuration of the database to 'OKV|FILE' so it can locate the new auto-login wallet in the specified <WALLET_ROOT>/tde directory.
@@ -66,4 +66,9 @@ This lab builds on concepts and operations from lab 6. Complete lab 6 first befo
```
- 
\ No newline at end of file
+ 
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab8.md b/database/advanced/key-vault/key-vault-Lab8.md
index 471ab152..9c9c9937 100644
--- a/database/advanced/key-vault/key-vault-Lab8.md
+++ b/database/advanced/key-vault/key-vault-Lab8.md
@@ -1,4 +1,4 @@
-# Ensure reliable data access during connectivity disruptions
+# Ensure reliable data access during disruptions in connectivity between the database and Oracle Key Vault
## Introduction
Oracle Key Vault cluster deployment ensures continuous availability during server failures, but connectivity disruptions may still pose a problem. How do you handle network disruptions between your databases and the Key Vault cluster? Key Vault's secure persistent cache ensures your databases continue operating smoothly, even during connectivity issues.
@@ -23,7 +23,7 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
````
- 
+ 
## Task 2: Simulate network outage
@@ -51,7 +51,7 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
The retrieval of key IDs from Key Vault will fail because the network connection between the database and the Key Vault server is disconnected.
- 
+ 
## Task 3: Confirm database resilience with persistent cache by creating a new encrypted tablespace
@@ -65,7 +65,7 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
````
- 
+ 
2. Verify the new tablespace was created
@@ -77,7 +77,7 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
````
- 
+ 
## Task 4: Re-establish connectivity between the database and Key Vault
@@ -99,4 +99,9 @@ This lab builds on concepts and operations from lab 5. Complete lab 5 first befo
````
- 
+ 
+
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/key-vault/key-vault-Lab9.md b/database/advanced/key-vault/key-vault-Lab9.md
index fdc98b58..ac5fe456 100644
--- a/database/advanced/key-vault/key-vault-Lab9.md
+++ b/database/advanced/key-vault/key-vault-Lab9.md
@@ -1,4 +1,4 @@
-# Enhance security with key management in vulnerable environments
+# Restrict key exposure in target environments (like P2T clones)
## Introduction
You may need to share data with environments operating under lower security controls, such as when cloning a PDB from production to test (P2T). It is crucial to ensure that TDE master encryption keys are never exposed, downloaded, or cached in these environments. To enhance security, mark these keys as non-extractable in Oracle Key Vault.
@@ -13,7 +13,7 @@ This lab builds on concepts and operations from lab 8. Complete lab 8 first befo
## Task 1: Generate a Non-Extractable key
-1. Log in to Key Vault as user **KVRESTADMIN**
+1. Log in to Key Vault as user **KVRESTADMIN**
Get the password of KVRESTADMIN by executing this command
@@ -33,7 +33,7 @@ This lab builds on concepts and operations from lab 8. Complete lab 8 first befo
-4. On the database host, set a new Transparent Data Encryption Key. The new key created in Key Vault will be generated with the 'Non Extractable' attribute set
+4. On the database host, set a new Transparent Data Encryption Key. The new key created in Key Vault will be generated with the 'Non Extractable' attribute set
```
@@ -67,7 +67,7 @@ This lab builds on concepts and operations from lab 8. Complete lab 8 first befo
````
- 
+ 
## Task 3: Attempt to create a new tablespace to confirm that database operations fail even when the secure persistent cache exists
@@ -85,7 +85,7 @@ This lab builds on concepts and operations from lab 8. Complete lab 8 first befo
The creation of an encrypted tablespace fails because the non-extractable key cannot exist in the persistent cache, and the database cannot fetch it from Key Vault since the connection was disconnected in Task 2. This underscores that non-extractable keys cannot be accessed outside of Key Vault and that this deployment can be leveraged to provide higher levels of assurance in environments with a lower security posture.
- 
+ 
## Task 4: Re-establish connectivity between the database and Key Vault
@@ -108,5 +108,9 @@ This lab builds on concepts and operations from lab 8. Complete lab 8 first befo
````
- 
+ 
+## Acknowledgements
+- **Author** - Shubham Goyal
+- **Contributors** - Peter Wahl, Rahil Mir
+- **Last Updated By/Date** - Shubham Goyal - March 2026
\ No newline at end of file
diff --git a/database/advanced/workshops/desktop-key-vault/manifest.json b/database/advanced/workshops/desktop-key-vault/manifest.json
index 1000f7b8..41d3a876 100644
--- a/database/advanced/workshops/desktop-key-vault/manifest.json
+++ b/database/advanced/workshops/desktop-key-vault/manifest.json
@@ -62,14 +62,14 @@
"type": "green"
},
{
- "title": "Lab 8: Ensure reliable data access during connectivity disruptions",
+ "title": "Lab 8: Ensure reliable data access during disruptions in connectivity between the database and Oracle Key Vault",
"description": "See how OKVs secure persistent cache keeps your databases running",
"publisheddate": "10/01/2025",
"filename": "../../key-vault/key-vault-Lab8.md",
"type": "green"
},
{
- "title": "Lab 9: Enhance security with key management in vulnerable environments",
+ "title": "Lab 9: Restrict key exposure in target environments (like P2T clones)",
"description": "Learn how OKV can restrict access of your keys to environments with lower security controls",
"publisheddate": "10/01/2025",
"filename": "../../key-vault/key-vault-Lab9.md",
diff --git a/database/advanced/workshops/freetier-key-vault/manifest.json b/database/advanced/workshops/freetier-key-vault/manifest.json
index d81f8c5e..bd4afded 100644
--- a/database/advanced/workshops/freetier-key-vault/manifest.json
+++ b/database/advanced/workshops/freetier-key-vault/manifest.json
@@ -62,14 +62,14 @@
"type": "brown"
},
{
- "title": "Lab 8: Ensure reliable data access during connectivity disruptions",
+ "title": "Lab 8: Ensure reliable data access during disruptions in connectivity between the database and Oracle Key Vault",
"description": "See how OKVs secure persistent cache keeps your databases running",
"publisheddate": "10/01/2025",
"filename": "../../key-vault/key-vault-Lab8.md",
"type": "brown"
},
{
- "title": "Lab 9: Enhance security with key management in vulnerable environments",
+ "title": "Lab 9: Restrict key exposure in target environments (like P2T clones)",
"description": "Learn how OKV can restrict access of your keys to environments with lower security controls",
"publisheddate": "10/01/2025",
"filename": "../../key-vault/key-vault-Lab9.md",
diff --git a/database/advanced/workshops/livelabs-key-vault/manifest.json b/database/advanced/workshops/livelabs-key-vault/manifest.json
index 1000f7b8..41d3a876 100644
--- a/database/advanced/workshops/livelabs-key-vault/manifest.json
+++ b/database/advanced/workshops/livelabs-key-vault/manifest.json
@@ -62,14 +62,14 @@
"type": "green"
},
{
- "title": "Lab 8: Ensure reliable data access during connectivity disruptions",
+ "title": "Lab 8: Ensure reliable data access during disruptions in connectivity between the database and Oracle Key Vault",
"description": "See how OKVs secure persistent cache keeps your databases running",
"publisheddate": "10/01/2025",
"filename": "../../key-vault/key-vault-Lab8.md",
"type": "green"
},
{
- "title": "Lab 9: Enhance security with key management in vulnerable environments",
+ "title": "Lab 9: Restrict key exposure in target environments (like P2T clones)",
"description": "Learn how OKV can restrict access of your keys to environments with lower security controls",
"publisheddate": "10/01/2025",
"filename": "../../key-vault/key-vault-Lab9.md",