Vault
Vault
Key Management
Key and Secret Management Concepts
Regions and Availability Domains
Private Access to Vault
Resource Identifiers
Ways to Access Oracle Cloud Infrastructure
Authentication and Authorization
Limits on Vault Resources
Managing Vaults
Required IAM Policy
Tagging Resources
Moving a Vault to a Different Compartment
Creating a Vault
Using the Console
Using the CLI
Using the API
Updating a Vault
Using the Console
Using the CLI
Using the API
Add Vault Tags
Using the Console
Using the CLI
Using the API
Getting a Vault's Details
Using the Console
Using the CLI
Using the API
Moving a Vault to a Different Compartment
Using the Console
Using the CLI
Using the API
Deleting a Vault
Using the Console
Using the CLI
Using the API
Canceling a Vault Deletion
Using the Console
Using the API
Using the CLI
Listing the Vault
Using the Console
Using the CLI
Using the API
Managing Keys
Required IAM Policy
Tagging Resources
Monitoring Resources
Moving Resources to a Different Compartment
Getting a Vault Key's Details
Using the Console
Using the CLI
Using the API
Creating a Master Encryption Key
Using the Console
Using the CLI
Using the API
Listing Master Encryption Keys
Using the Console
Using the CLI
Using the API
Rotating a Vault Key
Using the Console
Using the CLI
Using the API
Viewing Vault Key Summary
Using the Console
Using the CLI
Using the API
Viewing Vault Key Versions
Using the Console
Using the CLI
Using the API
Updating a Vault Key
Using the Console
Using the CLI
Using the API
Updating Auto Key Rotation Details
Using the Console
Using the CLI
Using the API
Viewing Key Tags
Adding Key Tags
Using the Console
Using the CLI
Using the API
Disabling a Vault Key
Using the Console
Using the CLI
Using the API
Enabling a Vault Key
Using the Console
Using the CLI
Using the API
Moving Key to a Different Compartment
Using the Console
Using the CLI
Using the API
Deleting a Vault Key
Using the Console
Using the CLI
Using the API
Canceling a Master Encryption Key Deletion
Using the Console
Using the CLI
Using the API
Assigning Master Encryption Keys
Required IAM Policy
Creating a Compute Instance with an Encrypted Boot Volume
Using the Console
Using the CLI
Using the API
Creating a Boot Volume Encrypted with a Vault key
Using the Console
Using the CLI
Using the API
Creating a Kubernetes Cluster with Encrypted Secrets
Using the Console
Using the CLI
Using the API
Assigning a Key to an Object Storage Bucket
Using the Console
Using the CLI
Using the API
Assigning a key to a stream pool
Using the Console
Using the CLI
Using the API
Assigning a Key to a Boot Volume
Using the Console
Using the CLI
Using the API
Assigning a key to a File System
Using the Console
Using the API
Using the CLI
Assigning a Key to a Block Volume
Using the Console
Editing a key to an Object Storage bucket
Using the Console
Using the CLI
Using the API
Editing a Key to a Block Volume
Using the Console
Using the CLI
Using the API
Removing a Key Assignment from a Block Volume
Using the Console
Using the CLI
Using the API
Removing a Key Assignment from a Object Storage
Using the Console
Using the CLI
Using the API
Removing a Key Assigned to an Stream Pool
Using the Console
Importing Vault Keys and Key Versions
Required IAM Policy
Before You Begin
Importing Symmetric Keys
Getting the Public RSA Wrapping Key
Using the Console
Using the CLI
Using the API
Applying RSA-OAEP to Wrap the Key Material
Using the CLI
Importing Key Material as an External Key
Using the Console
Using the CLI
Using the API
Importing Key Material as an External Key Version
Using the Console
Using the CLI
Using the API
Importing AES Key as a External Key (Script)
Importing AES Key as an External Key Version (Script)
Configuring OpenSSL Patch to Wrap Key Material
Importing Asymmetric Keys
Configuring OpenSSL Patch to Wrap Key Material
Getting Public RSA Wrapping Key
Using the Console
Using the CLI
Using the API
Applying RSA-OAEP with AES to Wrap Key Material
Using the CLI
Importing Key Material as an External Key
Using the Console
Using the CLI
Using the API
Importing Key Material as an External Key Version
Using the Console
Using the CLI
Using the API
Importing RSA Key as an External key (Script)
Importing RSA Key as an External Key Version (Script)
Exporting Vault Keys and Key Versions
Required IAM Policy
Before You Begin
Exporting a Software-protected key by Applying RSA-OAEP without Temporary AES Key
Using the CLI
Exporting a Software-protected key by Applying RSA-OAEP with Temporary AES Key
Using the CLI
Using Master Encryption Keys
Required IAM Policy
Monitoring Resources
Viewing Asymmetric Public key
Using the Console
Using the CLI
Generating Data Encryption Key from Master Key key
Using the Console
Using the CLI
Using the API
Encrypting Data using Master Encryption Key
Using the Console
Using the CLI
Using the API
Decrypting Data Using Master Encryption Key
Using the Console
Using the CLI
Using the API
Signing Data Using Master Encryption Key
Using the Console
Using the CLI
Using the API
Verifying Signed Data Using Master Encryption Key
Using the Console
Using the CLI
Using the API
Backing Up and Restoring Vaults and Keys
How It Works
Required IAM Policy
Backing up a Vault
Using the Console
Using the CLI
Using the API
Backing up a Vault Key
Using the Console
Using the CLI
Using the API
Restoring Vault from a Backup
Using the Console
Using the CLI
Using the API
Restoring a key
Using the Console
Using the CLI
Using the API
Updating Vault from a Backup
Using the Console
Updating a key from a Backup
Using the Console
Viewing a Work Request for Backup and Restore Operation
Using the Console
Replicating Vaults and Keys
Required IAM Policy
Replicating a Vault and Keys
Using the Console
Viewing Replicated Vault Details
Using the Console
Viewing Replicated Keys
Using the Console
Deleting a Vault Replica
Using the Console
Using the API
Using the CLI
Policy Regulatory Compliance Control
Dedicated KMS
Terminologies
Getting Started
Provisioning an HSM Cluster
Increasing Cluster Limit
Creating an HSM Cluster
Using the Console
Using the CLI
Using the API
Initializing an HSM Cluster
Downloading Certificate Signed Request (CSR)
Using the Console
Using the CLI
Using the API
Signing the CSR
Uploading Certificates Generated from CSR
Using the Console
Using the CLI
Using the API
Activating an HSM Cluster
Listing HSM Clusters
Using the GUI
Using the CLI
Using the API
Managing HSM Clusters
Getting HSM Cluster Details
Using the Console
Using the CLI
Using the API
Moving an HSM Cluster Resource
Using the Console
Using the CLI
Using the API
Renaming an HSM Cluster
Using the Console
Using the CLI
Using the API
Scheduling Deletion of an HSM Cluster
Using the Console
Using the CLI
Using the API
Canceling Scheduled Deletion of an HSM Cluster
Using the Console
Using the CLI
Using the API
Viewing HSM Partition Details
Getting HSM Partition Details
Using the Console
Using the CLI
Using the API
Listing HSM Partition Details
Using the Console
Using the CLI
Using the API
Installing Client Components
Supported Operating Systems
Installing the Client RPM Packages
Client Component Configuration Parameters
Setting up HSM Cluster Client
Configuring Client Daemon
Configuring User Management Utility
Configuring Key Management Utility
Getting HSM Cluster DNS Name
Using the Console
Using the CLI
Using the API
Getting HSM Partition Port Details
Using the Console
Using the CLI
Using the API
Getting PRECO Credentials
Using the Console
Using the CLI
Using the API
Starting Client Daemon
Starting User Management Utility
User Management Utility
User Types and Permissions
User Operations
Help
Info
Server
Logging into HSM Partition
Creating a User
Listing Users
Synchronizing a User
Deleting a User
Changing Password
Getting User Information
Getting User Challenge
Unlock CO User
Unlock CU User
Logging Out of HSM
Getting Key Info
Getting Key Diff Map
Getting User Diff Map
Finding All Keys
Storing Fixed Key
Synchronizing a key
Modifying Key Owner
Listing Key Attributes
Getting Key Attribute
Setting Cryto User Attributes
Setting Key Attributes
Listing User Authentication Public Key
Registering Authentication Public Key
De-registering Authentication Public Key
Setting User Authentication Public Key
Updating User Authentication Public Key
Resetting User Authentication Public Key
Getting Certificate
Getting HSM Partition Information
Reconnect
Exit
Quit
Key Management Utility
Single Command Mode
Interactive Mode
Login HSM
Listing Users
Generating Keys
Generating AES Symmetric Key
Generating ECC Key Pair
Listing ECC Curve IDs
Generating RSA Key Pair
Importing and Exporting Keys
Exporting a Public Key
Exporting a Symmetric Key
Importing a Public Key
Export Private Key
Importing a Private Key
Importing a Symmetric Key
Getting Key Info
Finding a Key
Finding a Single Key
Getting Cavium Private Key
Extracting Masked Object
Injecting Masked Object
Setting Key Attributes
Listing Key Attributes
Getting Key Attribute
Deleting a Key
Wrapping a Key
Unwrapping a Key
Error2String
IsValidKeyHandle file
Logging Out
Exit
PKCS #11 Library
Installing PKCS #11
Configuring PKCS #11
Authenticating to PKCS #11
Key Types
Crypto Operations
Sign and Verify
Generate Symmetric Key and Key Pairs
Encryption and Decryption
Digest Function
API Operations
Attribute Key Types
Security
Uninstalling Client Components
External Key Management Service
How External KMS Works
Onboarding External KMS
Deploying Cipher Trust Manager
Setting Up Networking Components
Configuring VCN
Configuring Subnet
Creating Internet Gateway
Creating a Routing Table
Creating a Security List
Setting up FastConnect for Colocation
Setting up TLS Connectivity
Setting up Connectivity using Static IP Address
Setting up Connectivity using FQDN
Creating an API Gateway
Deploying the API Gateway with FQDN Details
Setting up Private DNS Resolver
Setting Up Authentication and Authorization
Registering Identity Provider
Creating Confidential Resource App
Associating Confidential Client Application
Configuring IAM Policies
Creating a Private Endpoint
Using the Console
Using the CLI
Using the API
Getting a Private Endpoint Details
Using the Console
Using the CLI
Using the API
Modifying a Private Endpoint
Using the Console
Using the CLI
Using the API
Deleting a Private Endpoint
Using the Console
Using the CLI
Using the API
Managing Vault
Creating a Vault
Using the Console
Using the CLI
Using the API
Renaming a Vault
Using the Console
Using the CLI
Using the API
Managing Key References
Prerequisites
Creating Key References
Using the Console
Using the CLI
Using the API
Renaming Key References
Using the Console
Using the CLI
Using the API
Moving Key References
Using the Console
Using the CLI
Using the API
Adding Key Reference Tags
Using the Console
Using the CLI
Using the API
Disabling Key References
Using the Console
Using the CLI
Using the API
Deleting Key References
Using the console
Using the CLI
Using the API
Cancelling Deletion of a Key Reference
Using the Console
Using the CLI
Using the API
Creating Key Reference Version
Using the Console
Using the CLI
Using the API
Using Key References
Encrypting Data
Decrypting Data
Generating Data Encryption Key (DEK)
Managing Vault Secrets
Secret Versions and Rotation States
Before You Begin
Required IAM Policy
Tagging Resources
Monitoring Resources
Moving Resources to a Different Compartment
Creating a Secret in a Vault
Using the Console
Using the CLI
Using the API
Updating a Secret in Vault
Using the Console
Using the CLI
Using the API
Getting a Secret's Details
Using the Console
Using the CLI
Using the API
Listing Secrets in a Vault
Using the Console
Using the CLI
Using the API
Viewing Secret Versions
Using the Console
Using the CLI
Using the API
Viewing Properties for All Secret Versions
Using the CLI
Updating Secret Description
Using the Console
Using the CLI
Using the API
Updating a Secret to a New Version
Using the Console
Using the CLI
Using the API
Adding Vault Secret Tags
Using the Console
Using the CLI
Using the API
Viewing Secret Tags
Using the Console
Using the CLI
Using the API
Moving a Secret to a Different Compartment
Using the Console
Using the CLI
Using the API
Deleting a Secret in Vault
Using the Console
Using the CLI
Using the API
Canceling Deletion of a Secret Version
Using the Console
Using the CLI
Using the API
Canceling Deletion of a Secret
Using the Console
Using the CLI
Using the API
Promoting an Existing Secret Version to Current
Using the Console
Using the CLI
Using the API
Secret Versions
Creating a Secret Version
Using the Console
Using the CLI
Using the API
Viewing Secret Contents
Using the Console
Using the CLI
Using the API
Deleting a Secret Version
Using the Console
Using the CLI
Using the API
Secret Rules
Listing Secret Rules
Using the Console
Using the CLI
Using the API
Updating a Secret's Rule
Using the Console
Using the CLI
Using the API
Secret Work Requests
Listing Secrets in Vault Work Requests
Using the Console
Using the CLI
Using the API
Getting a Secret Work Request's Status
Using the Console
Using the CLI
Using the API
Listing a Secret Work Request's Logs
Using the Console
Using the CLI
Using the API
Listing a Secret Work Request's Errors
Using the Console
Using the CLI
Using the API
Event Notification
Troubleshooting
Creating a Secret Fails Due to Authorization or Resource Not Found
Operation Fails Due to Conflicting Vault State
Known Issues
External Key Version Returns "ExternalKeyReferenceDetails" as Null
External Key Vault Returns "ExternalKeyReferenceDetails" as Null
Create Vault Returns "Unknown Error"
Developing with the Vault Service