Creating a Vault

Create a vault for External Key Management.

To create a vault, you will need the following details.
  • The external vault endpoint URL
  • Private endpoint OCID
  • OAuth metadata (IDCS URL, client application ID, and client application secret)
Note

You must associate the confidential client application with an identity domain; that application is bound to the confidential resource application (External Key Management) for authorization.
    1. Open the Oracle Cloud Console navigation menu and click Identity & Security. Under Key Management and Secret Management, click External Key Management.
    2. On the External Key Management home page, click Create Vault.
    3. On the Create Vault page, provide the following details:
      • Name. Enter a name for the vault.
      • Description. Provide a short description.
      • Create in Compartment. Choose a compartment for the OCI KMS vault.
      • IDCS Account Name URL. Enter the authentication URL that you use to access your KMS service; it redirects you to a sign-in screen.
      • Key Manager Vendor. Choose the third-party vendor that provides the key management service. Currently, OCI KMS supports only Thales as the external key management vendor.
      • Client application ID. Enter the OCI KMS client ID generated when you registered the confidential client application in the Oracle Identity Domain.
      • Client application secret. Enter the client secret of the confidential client application registered in the Oracle Identity Domain.
      • Private endpoint in compartment. Choose the private endpoint (OCID) of the external key management service.
      • External Vault URL. Enter the vault URL that was generated when you created the vault in the external key manager.
    4. Click Create.

      After you create the vault, open the Vault Details page to confirm that the status is ACTIVE.

      You can use the actions at the top of the page to rename the vault, move it to another compartment, add tags, or delete it. For more information, see Move Vault, Add Tags, Delete Vault, and Cancel Vault Deletion.

  • Open a command prompt and run oci kms management vault create with the --external-key-manager-metadata parameter to create a new vault:

    oci kms management vault create --external-key-manager-metadata <metadata-json>

    For example:

    oci kms management vault create --compartment-id <compartment-ocid> --display-name vault-1 --external-key-manager-metadata file://ekm-metadata.json

    Avoid entering confidential information.

    For a complete list of flags and variable options for Vault CLI commands, see Command Line Reference.

  • Call the CreateVault API operation to create a new vault.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
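Putting the CLI inputs together, the following is an added shell example (not from the Oracle documentation or the OCI CLI project) that validates the three inputs listed at the top of this page, assembles the --external-key-manager-metadata document, and runs oci kms management vault create. The JSON field names (externalVaultEndpointUrl, privateEndpointId, and oauthMetadata with idcsAccountNameUrl, clientAppId, clientAppSecret) and the --vault-type EXTERNAL value are assumed from the OCI KMS API; --compartment-id and --display-name are standard CLI parameters. The client secret is read from a file rather than passed on the command line so it stays out of shell history and process listings, and EKM_DRY_RUN=1 prints the command with the metadata redacted instead of calling the service.

```shell
#!/bin/sh
# Added example (not OCI's own code). Field names below and --vault-type
# EXTERNAL are assumed from the OCI KMS API; all sample values are constructed.

# json_escape STRING: escape backslash and double quote for embedding in JSON.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# build_ekm_metadata VAULT_URL PRIVATE_ENDPOINT_OCID IDCS_URL CLIENT_ID SECRET_FILE
# Prints the metadata JSON on success; returns 1 with a message on stderr when
# an input does not look right, so a malformed vault request is never sent.
build_ekm_metadata() {
  vault_url=$1 pe_ocid=$2 idcs_url=$3 client_id=$4 secret_file=$5
  case $vault_url in
    https://*) ;;
    *) echo "external vault URL must start with https://" >&2; return 1 ;;
  esac
  case $pe_ocid in
    ocid1.*) ;;
    *) echo "private endpoint must be an OCID (ocid1....)" >&2; return 1 ;;
  esac
  case $idcs_url in
    https://*) ;;
    *) echo "IDCS account name URL must start with https://" >&2; return 1 ;;
  esac
  [ -n "$client_id" ] || { echo "client application ID is empty" >&2; return 1; }
  # The secret comes from a file so it never appears in argv or shell history.
  [ -r "$secret_file" ] || { echo "cannot read secret file: $secret_file" >&2; return 1; }
  secret=$(cat "$secret_file")
  [ -n "$secret" ] || { echo "secret file is empty" >&2; return 1; }
  printf '{"externalVaultEndpointUrl":"%s","privateEndpointId":"%s","oauthMetadata":{"idcsAccountNameUrl":"%s","clientAppId":"%s","clientAppSecret":"%s"}}\n' \
    "$(json_escape "$vault_url")" "$(json_escape "$pe_ocid")" \
    "$(json_escape "$idcs_url")" "$(json_escape "$client_id")" \
    "$(json_escape "$secret")"
}

# create_external_vault COMPARTMENT_OCID DISPLAY_NAME METADATA_JSON
# Runs the CLI. With EKM_DRY_RUN=1 it only prints the command, with the
# metadata (which contains the client secret) redacted.
create_external_vault() {
  compartment=$1 name=$2 metadata=$3
  if [ "${EKM_DRY_RUN:-0}" = 1 ]; then
    printf 'oci kms management vault create --compartment-id %s --display-name %s --vault-type EXTERNAL --external-key-manager-metadata <redacted>\n' \
      "$compartment" "$name"
    return 0
  fi
  oci kms management vault create \
    --compartment-id "$compartment" \
    --display-name "$name" \
    --vault-type EXTERNAL \
    --external-key-manager-metadata "$metadata"
}

# Demo (only when run as: sh ekm-vault.sh --demo): writes a constructed secret
# to a temporary file, builds the metadata, and prints the dry-run command.
if [ "${1:-}" = "--demo" ]; then
  demo_secret=$(mktemp)
  printf '%s' 'constructed-demo-secret' > "$demo_secret"
  meta=$(build_ekm_metadata "https://ekm.example.com/vault1" \
    "ocid1.vaultprivateendpoint.oc1..exampleuniqueID" \
    "https://idcs-example.identity.oraclecloud.com" \
    "client-app-id-example" "$demo_secret") || exit 1
  EKM_DRY_RUN=1
  create_external_vault "ocid1.compartment.oc1..exampleuniqueID" vault-1 "$meta"
  rm -f "$demo_secret"
fi
```

Run the script with --demo to see the command it would issue; unset EKM_DRY_RUN and supply your real compartment OCID, private endpoint OCID, vault URL and secret file to create the vault. Because the CLI parameter is a JSON document, the escaping step matters when the client secret contains quotes or backslashes.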