Creating a Private Endpoint
Create a private endpoint for an external key management resource.
You can configure a private endpoint to represent the external key management resource in the VCN and access the OCI KMS service.
Note
Ensure that you explicitly delete failed private endpoints to overcome a memory allocation issue. If this issue persists, it might lead to limit exhaustion even when no active private endpoints exist.
Open a command prompt and run oci kms ekm ekms-private-endpoint create to create a new private endpoint:
oci kms ekm ekms-private-endpoint create --ca-bundle <bundle_type> --compartment-id <compartment_id> | -c <secret_name> --display-name <name> --external-key-manager-ip <ip address> --subnet-id <subnet_id> --defined-tags <tags> --freeform-tags <tags>
For example:
oci kms ekm ekms-private-endpoint create --ca-bundle "-----BEGIN CERTIFICATE-----\nMIIFrjCCA5agAwIBAgIQAsMYA04ijAErxlDri 6cIa/\n-----END CERTIFICATE-----" --compartment-id "ocid1.compartment.region1..aaaaaaaaiexample6mjdbzlsxf576zgtlbi3" --display-name "Example EKMS PE" --external-key-manager-ip 1.2.3.4 --subnet-id "ocid1.subnet.region1.sea.aaaaaaexamplenpse5gupw56s5" --freeform-tags '{"key": "value"}' --port 6758
Avoid entering confidential information.
For a complete list of flags and variable options for Vault CLI commands, see Command Line Reference.
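The following is an added example, not part of the original documentation: a Python pre-flight check that validates the values for the flags shown above and returns the command as an argument list, so the PEM bundle and the JSON tags need no shell quoting. The function name, the specific checks, and the sample bundle are assumptions made for this illustration.

```python
import base64
import ipaddress
import json
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----")

def build_create_args(ca_bundle, compartment_id, display_name,
                      external_key_manager_ip, subnet_id, port, freeform_tags=None):
    """Validate the inputs, then return the argv list for the create command."""
    # The page's example writes PEM line breaks as a literal \n; accept both forms
    # for validation and pass the caller's string through unchanged.
    pem = ca_bundle.replace("\\n", "\n")
    if "PRIVATE KEY" in pem:  # a CA bundle holds certificates, never key material
        raise ValueError("ca_bundle contains a private key block")
    bodies = PEM_CERT.findall(pem)
    if not bodies:
        raise ValueError("ca_bundle has no PEM certificate block")
    for body in bodies:
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # DER certificates start with an ASN.1 SEQUENCE
            raise ValueError("certificate body is not DER")
    ipaddress.ip_address(external_key_manager_ip)  # raises ValueError if malformed
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    if not compartment_id.startswith("ocid1.compartment."):
        raise ValueError("compartment_id is not a compartment OCID")
    if not subnet_id.startswith("ocid1.subnet."):
        raise ValueError("subnet_id is not a subnet OCID")
    argv = ["oci", "kms", "ekm", "ekms-private-endpoint", "create",
            "--ca-bundle", ca_bundle,
            "--compartment-id", compartment_id,
            "--display-name", display_name,
            "--external-key-manager-ip", str(external_key_manager_ip),
            "--subnet-id", subnet_id,
            "--port", str(port)]
    if freeform_tags:
        argv += ["--freeform-tags", json.dumps(freeform_tags)]
    return argv

# Constructed sample: a 5-byte DER stub, not a real certificate.
SAMPLE_BUNDLE = ("-----BEGIN CERTIFICATE-----\n"
                 + base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
                 + "\n-----END CERTIFICATE-----")
```

Pass the returned list to subprocess.run without shell=True to execute the command.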
Run the CreateEkmsPrivateEndpoint operation to create a private endpoint for connecting External KMS to Thales CipherTrust Manager.
Note
Each region has a unique endpoint for create, update, and list operations for secrets. This endpoint is referred to as the control plane URL or secret management endpoint. Each region also has a unique endpoint for operations related to retrieving secret contents. This endpoint is known as the data plane URL or the secret retrieval endpoint. For regional endpoints, see the API Documentation.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.