Moving Key to a Different Compartment

Moving a key to a different compartment in the OCI Vault service.

• Console
• CLI
• API

• 1. Open the navigation menu, click Identity & Security, and then click Vault.
  2. Under List scope, select a compartment that contains vault that you want to move.
  3. On the Vaults page, click the name of the vault to open its details page.
  4. On the Vault Details page, click Master Encryption Key under Resources and click the name of key to open the details page.
  5. On the Key Details page, click Move resource.
  6. In the Move resource dialog box, select the destination compartment and then click Move resource.

• Open a command prompt and run oci kms management key change-compartment to move a master encryption key from one compartment to another within the same tenancy:

  oci kms management key change-compartment --key-id <target_key_id> --compartment-id <new_compartment_id>

  For example:

  
  oci kms management key change-compartment --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz	

  For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

• Run the ChangeKeyCompartment operation to change the compartment using the KMSMANAGMENT endpoint.

  Note
  
  Each region uses the KMSMANAGMENT endpoint for managing keys. This endpoint is referred to as the control plane URL or vault management endpoint. For regional endpoints, see the API Documentation.

  For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.