Oracle Cloud Infrastructure Documentation

Getting a Vault Key's Details

Get information about a specific master encryption key.

    1. Open the navigation menu, click Identity & Security, and then click Vault.
    2. Under List scope, select the compartment that contains the key.
    3. From the list of vaults in the compartment, click a vault name.
    4. Click Master Encryption Key, and then click the name of the key to open its details page.
    The Key Information section displays the following information:
    • OCID: The unique, Oracle-assigned ID of the key.
    • Created: The date and time when you initially created the key.
    • Compartment: The name of the compartment that contains the key.
    • Vault: The name of the vault that contains the key.
    • Algorithm: Specifies the algorithm selected at the time of creation.
    • Length: Specifies the key length defined at the time of creation.
    • Auto rotation: Specifies whether the auto rotation setting is enabled or disabled for the key.
    • Last successful auto rotation: The date and time of the last successful auto rotation for the key.
    • Next auto rotation: The date and time when the key is eligible for the next scheduled rotation.

  • Open a command prompt and run oci kms management key rotate to rotate a key

    oci kms management key get [OPTIONS]

    For example:

    oci kms management key create --generate-param-json-input key-shape > key-shape.json

    Cryptographic operations involving objects that were encrypted with the previous version of this key will continue to use the older key version. You can re-encrypt those objects with the current key version if you prefer.

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Run the GetKey operation to get the list of master encryption keys in the specified vault and compartment using the KMSMANAGMENT endpoint.

    Note

    Each region uses the KMSMANAGMENT endpoint for managing keys. This endpoint is referred to as the control plane URL or vault management endpoint. For regional endpoints, see the API Documentation.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.