11318 (#166)

* add lab

* Redacting REST calls with ORDS

* Update manifest.json

* Update manifest.json

* Change images file name

* Replaced Lab

* ack change

* Ack 2

* Delete create-schemas-load-data.md

* Update create-schemas-load-data.md

* Update db-actions.png

* Update create-schemas-load-data.md

* Update create-schemas-load-data.md

* Update introduction.md

* Updated Theme

* Added Queries to copy/paste

* Update use-redaction-anonymize-restcalls.md

* Suggested Changes from LL team

* Name change for atp image

* Name change in manifest

* Post Prod change

* Update use-redaction-anonymize-restcalls.md

* Update create-schemas-load-data.md

* name changes for images

* more changes

* more

* Update manifest.json

* Update manifest.json

* file name

* Update manifest.json

* More

* Formatting

* changes

* changes

* changes

* Screenshots changes

* proceed to next lab text

* PR-2 changes

* Update use-redaction-anonymize-all-restcalls-and-queries.md

* changes

change

* rest call lab changes

* More Changes

* changes

* Update use-redaction-anonymize-all-restcalls-and-queries.md

Removed extra updated by line.

* Update use-redaction-to-anonymize-only-restcalls.md

* Update reset-your-environment.md

* Update reset-your-environment.md

* Add files via upload

* Update reset-your-environment.md

* Add files via upload

* Update reset-your-environment.md

* Update reset-your-environment.md

* Add files via upload

* Update reset-your-environment.md

* Update reset-your-environment.md

* Add files via upload

* Update reset-your-environment.md

---------

Co-authored-by: JohnAOracle <160074014+JohnAOracle@users.noreply.github.com>

database/advanced/key-vault/key-vault.md

@@ -3,7 +3,7 @@
 ## Introduction
 This workshop introduces the various features and functionality of Oracle Key Vault (OKV). It gives the user an opportunity to learn how to configure this appliance to manage keys.
 
-*Estimated Lab Time:* 55 minutes
+*Estimated Lab Time:* 60 minutes
 
 *Version tested in this lab:* Oracle OKV 21.7
 
@@ -566,7 +566,45 @@ Oracle provides deployment recommendations for deployments that have two or more
 
 -->
 
-## Task 9: Reset the OKV Lab Config
+## Task 9: Generate new Non-extractable key
+
+This task will demonstrate how to create a non-extractable key, meaning a key that does not leave the Oracle Key Vault cluster. The key can be accessed by the approved endpoints but not stored by the endpoint client or the endpoint persistent cache.
+
+1. Generate a new master encryption key for the PDB using the following command:
+    ````
+    <copy>./okv_online_pdb_rekey.sh pdb1</copy>
+    ````
+    ![Generate Key](./images/gen-new-key.png "Key Vault")
+Take note of the tag information so you can identify this key in future steps.
+2. Verify we have the new master encryption key using the following command:
+    ````
+    <copy>echo Oracle123 | okvutil list -a</copy>
+    ````
+3. Identify the MKID from the command in the previous step. Take note that the current extractable value is set to true, meaning it can be stored by the endpoint client software.
+    ![Identify Key](./images/id-key.png "Key Vault")
+4. As KVRESTADMIN, navigate to the Keys & Wallets tab, click <x> and press <y>. Find that key in the OKV UI , mark it so that the extractable value is false and click Save.
+    ![Show UI Key](./images/ui-key.png "Key Vault")
+5. Run the following command again to see that the key is now marked as extractable = false:
+    ````
+    <copy>echo Oracle123 | okvutil list -a</copy>
+    ````
+    ![Find Key](./images/find-key.png "Key Vault")
+
+6. Attempt to download the wallet keys with okvutil. You will see that the okvutil is able to create an ewallet.p12 file but that file cannot contain the non-extractable key. 
+    ````
+    <copy>okvutil download -l . -t wallet</copy>
+    ````
+    Enter the following for the wallet password:
+    ````
+    <copy>Oracle123</copy>
+    ````
+    Enter the following for the Endpoint password:
+    ````
+    <copy>Oracle123</copy>
+    ````
+    ![Download Key](./images/download-key.png "Key Vault")
+
+## Task 10: Reset the OKV Lab Config
 
 1. Drop the Endpoint and Wallet created in OKV during this lab
 

database/protect-sensitive-data-in-rest-get-calls-using-oracle-data-redaction/create-schemas-load-data/create-schemas-load-data.md → database/protect-sensitive-data-in-rest-get-calls-using-oracle-data-redaction/configure-the-autonomous-database-environment/configure-the-autonomous-database-environment.md

@@ -100,7 +100,7 @@ This lab assumes you have:
 
     ![Toggle web access on](images/web-access.png)
 
-12. Open the **Database Actions** portal for `EMPLOYEESEARCH_PROD`.
+12. Open the **Database Actions** portal for `EMPLOYEESEARCH_PROD` by copying the URL and pasting in a new incognito window.
 
     ![Open db actions as emp](images/db-actions-emp.png)
 
@@ -120,4 +120,4 @@ You may now **proceed to the next lab.**
 
 - **Authors** - Alpha Diallo & Ethan Shmargad, North America Specialists Hub
 - **Creator** - Pedro Lopes, Database Security Product Manager
-- **Last Updated By/Date** - Alpha Diallo & Ethan Shmargad, February 2023
+- **Last Updated By/Date** - Alpha Diallo & Alexander John, February 2024

database/protect-sensitive-data-in-rest-get-calls-using-oracle-data-redaction/reset-your-environment/reset-your-environment.md

@@ -4,14 +4,17 @@
 
 In this lab, we will show you how to teardown your Autonomous Database instance. This will reset your environment to as it was before.
 
-Estimated Time: 2 minutes
+Estimated Time: 4 minutes
 
 ### Objectives
 
 In this lab, you will complete the following tasks:
 
-- Terminate the Autonomous Database instance.
-
+- Drop the Audit and Redaction Policy
+- Drop EMPLOYEESEARCH_PROD schema and objects
+- Verify the schema, the redaction policy, and the unified audit policy have been removed
+- Terminate your ADB Instance
+
 ### Prerequisites
 
 This lab assumes you have:
@@ -20,23 +23,96 @@ This lab assumes you have:
 
 *Warning: Terminating resources may take a few minutes*
 
-## Task 1: Terminate the Autonomous Database instance
+## Task 1: Drop Audit policy and then the Redaction policy.
+1. Since our Unified Audit policy has served its purpose, we can drop it as we do not need to audit every single SELECT statement. As **ADMIN**, run the following script:
+
+    ```
+    <copy>
+    noaudit policy audit_hr_select;
+    drop AUDIT POLICY audit_hr_select;
+    /</copy>   
+    ```
+
+    ![Drop Audit Policy](images/drop-aud-pol.png)
+   
+2. Navigate back to the **SQL window** for `EMPLOYEESEARCH_PROD` and **drop the redaction policy**.
+    
+    ```
+    <copy>BEGIN
+            dbms_redact.drop_policy (
+            object_schema => 'EMPLOYEESEARCH_PROD',
+            object_name   => 'DEMO_HR_EMPLOYEES',
+            policy_name   => 'redact_emp_info'
+            );
+        end;
+    /</copy>   
+    ```
+    ![Drop](images/drop.png)
+
+## Task 2: Drop the EMPLOYEESEARCH_PROD schema and objects
+
+1. As **ADMIN**, navigate to the Database users
+
+    ![Database users](images/Nav_to_users.png)
+
+2. Click the 3 dots on **EMPLOYEESEARHC_PROD** and click **Delete**
+
+    ![Three_dots](images/Delete.png)
+
+3. Choose **Cascade** and **Drop REST Services**
+
+    ![Cascade_Drop](images/Check.png)
+
+4. Delete user
+
+## Task 3: Verify the schema, the Redaction Policy, and the Unified Audit Policy have been removed
+
+1. As **ADMIN** in SQL Worksheet, perform the following query to make sure the user has been deleted
+select * from dba_users where username = 'EMPLOYEESEARCH_PROD';
+
+   ```
+      <copy>
+      select * from dba_users where username = 'EMPLOYEESEARCH_PROD';
+      /</copy>   
+    ```
+  ![Delete Employee](images/delete_employee.png)
+
+2. As **ADMIN** in SQL Worksheet, verify the unified audit policy has been deleted.
+select * from AUDIT_UNIFIED_POLICIES where policy_name = 'AUDIT_HR_SELECT';
+
+   ```
+      <copy>
+     select * from AUDIT_UNIFIED_POLICIES where policy_name = 'AUDIT_HR_SELECT';
+      /</copy>   
+    ```
+  ![Verify Audit](images/verify_audit.png)
+
+3. As **ADMIN** in SQL Worksheet, verify the Oracle Data redaction policy has been deleted"
+select * from redaction_policies where policy_name = 'REDACT_EMP_INFO';
 
-1. Navigate back to your **Autonomous Database** instance page on OCI.
+   ```
+      <copy>
+     select * from redaction_policies where policy_name = 'REDACT_EMP_INFO';
+      /</copy>   
+    ```
+  ![Verify Redaction](images/verify_redaction.png)
+  
+## Task 4: Terminate the Autonomous Database Instance
 
-    ![ADB page](images/adb-page.png)
+1. Navigate back to your Autonomous Database instance page on OCI.
 
-2. At the top menu bar, under **More Actions**, select **Terminate**.
+    ![Database users](images/adb-page.png)
 
-    ![More actions](images/more-actions.png)
+2. At the top menu bar, under More Actions, select Terminate.
 
-3. In the pop-up window, type in the name of your database, then select **Terminate Autonomous Database**.
+   ![More actions](images/more-actions.png)
 
-    ![Terminate adb](images/terminate.png)
+3. In the pop-up window, type in the name of your database, then select Terminate Autonomous Database.
 
+   ![Terminate adb](images/terminate.png)
 
 ## Acknowledgements
 
 - **Authors** - Alpha Diallo & Ethan Shmargad, North America Specialists Hub
 - **Creator** - Pedro Lopes, Database Security Product Manager
-- **Last Updated By/Date** - Alpha Diallo & Ethan Shmargad, February 2023
+- **Last Updated By/Date** - Alpha Diallo & Alexander John, February 2024

database/protect-sensitive-data-in-rest-get-calls-using-oracle-data-redaction/use-redaction-anonymize-all-restcalls-and-queries/use-redaction-anonymize-all-restcalls-and-queries.md

@@ -77,7 +77,7 @@ When ready, click the **Enable button** in the lower right of the slider.
 
     This is how our data looks before any redaction policy is applied.
 
-3. Add a **redaction policy** to run last name with random chars.
+3. Add a **redaction policy** to run last name with random chars as **EMPLOYEESEARCH_PROD**.
     
     ```
     <copy>begin
@@ -106,7 +106,6 @@ When ready, click the **Enable button** in the lower right of the slider.
             action              => dbms_redact.add_column,
             function_type          => DBMS_REDACT.REGEXP,
             function_parameters    => NULL,
-            expression             => '1=1',
             regexp_pattern         => DBMS_REDACT.RE_PATTERN_EMAIL_ADDRESS,
             regexp_replace_string  => DBMS_REDACT.RE_REDACT_EMAIL_NAME,
             regexp_position        => DBMS_REDACT.RE_BEGINNING,
@@ -149,8 +148,7 @@ When ready, click the **Enable button** in the lower right of the slider.
             policy_name            => 'redact_emp_info', 
             policy_description     => 'Partially redacts the salary column',
             function_type          => DBMS_REDACT.PARTIAL,
-            function_parameters    => '9,1,2',
-            expression             => '1=1');
+            function_parameters    => '9,1,2');
         END;
     /</copy>   
     ```
@@ -172,4 +170,4 @@ Congratulations, You have successfully redacted REST calls using ORDS!
 
 - **Authors** - Alpha Diallo & Ethan Shmargad, North America Specialists Hub
 - **Creator** - Pedro Lopes, Database Security Product Manager
-- **Last Updated By/Date** - Alpha Diallo & Ethan Shmargad, February 2023
+- **Last Updated By/Date** - Alpha Diallo & Alexander John, February 2024

database/protect-sensitive-data-in-rest-get-calls-using-oracle-data-redaction/use-redaction-to-anonymize-only-restcalls/use-redaction-to-anonymize-only-restcalls.md

@@ -117,31 +117,9 @@ This lab assumes you have:
     ![Run Query Again](images/re-run-qry.png)
 3. Also re-run the REST Call. The data should still be redacted.
     ![Run Query Again](./images/redacted-call.png)
-## Task 4: Drop Audit policy and then the Redaction policy.
-1. Since our Unified Audit policy has served its purpose, we can drop it as we do not need to audit every single SELECT statement. As `ADMIN`, run the following script:
-    ```
-    <copy>noaudit policy audit_hr_select;
-    drop AUDIT POLICY audit_hr_select;</copy>  
-    ```
-    ![Drop Audit Policy](images/drop-aud-pol.png)
-2. Navigate back to the **SQL window** for `EMPLOYEESEARCH_PROD` and **drop the redaction policy**.
-    
-    ```
-    <copy>BEGIN
-            dbms_redact.drop_policy (
-            object_schema => 'EMPLOYEESEARCH_PROD',
-            object_name   => 'DEMO_HR_EMPLOYEES',
-            policy_name   => 'redact_emp_info'
-            );
-        end;
-    /</copy>   
-    ```
-    ![Drop](images/drop.png)
-
-You may now **proceed to the next lab.**
 
 ## Acknowledgements
 
 - **Authors** - Alpha Diallo & Ethan Shmargad, North America Specialists Hub
 - **Creator** - Pedro Lopes, Database Security Product Manager
-- **Last Updated By/Date** - Alpha Diallo & Ethan Shmargad, February 2023
+- **Last Updated By/Date** - Alpha Diallo & Alexander John, February 2024

database/protect-sensitive-data-in-rest-get-calls-using-oracle-data-redaction/workshops/desktop/manifest.json

@@ -15,7 +15,7 @@
    {
       "title": "Lab 1: Configure the Autonomous Database environment",
       "description": "",
-      "filename": "../../create-schemas-load-data/create-schemas-load-data.md"
+      "filename": "../../configure-the-autonomous-database-environment/configure-the-autonomous-database-environment.md"
    },
    {
       "title": "Lab 2: Use Redaction to anonymize all REST Get calls and queries",

database/protect-sensitive-data-in-rest-get-calls-using-oracle-data-redaction/workshops/tenancy/manifest.json

@@ -15,7 +15,7 @@
       {
          "title": "Lab 1: Configure the Autonomous Database environment",
          "description": "",
-         "filename": "../../create-schemas-load-data/create-schemas-load-data.md"
+         "filename": "../../configure-the-autonomous-database-environment/configure-the-autonomous-database-environment.md"
       },
       {
          "title": "Lab 2: Use Redaction to anonymize all REST Get calls and queries",