Deleting Key References
Delete a key reference which is a non-recoverable action in OCI vault.
The delete operation for key references is a non-recoverable action. However, when you delete a key reference on KMS, this operation does not delete the actual key in the CCKM. OCI KMS does not allow immediate deletion of the key reference. The operation is in pending deletion state (minimum 7 days) to prevent accidental key reference deletion. Also, key reference deletion follows the same deletion pattern of an external key in CCKM.
This task can't be performed using the Console.
Open a command prompt and run
oci kms management key schedule-deletion
to delete a key reference:oci kms management key schedule-deletion –external-key-reference-id <target_key_id> --endpoint <control_plane_url>
Avoid entering confidential information.
For a complete list of flags and variable options for Vault CLI commands, see Command Line Reference.
Run the
ScheduleKeyDeletion
operation to delete a key reference.For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.