Importing Key Material as an External Key Version

Import key material as a new external key version using the OCI Console, CLI, and API interfaces.

    1. Open the navigation menu, click Identity & Security, and then click Vault.
    2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault with the key you want to rotate.
    3. From the list of vaults in the compartment, click the vault name.
    4. Click Master Encryption Keys, and then click the name of the master encryption key that you want to rotate to a new key version.
    5. Under Resources, click Versions, and then, in the list of keys, click Rotate Key. (You can only rotate keys in an enabled state.)
    6. In the Confirm dialog box, select the Import External Key Version check box.
    7. Under External Key Data Source, provide the file that contains the wrapped key material.
    8. When you're ready, click Rotate Key.
  • Open a command prompt and run oci kms management key-version import to import the wrapped RSA key material as a new key version for an existing key:

    
    oci kms management key-version import --key-id <key_OCID> --wrapped-import-key <wrapped_key_material>

    For example:

    oci kms management key-version import --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --wrapped-import-key file://./wrapped_import_key.json

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Run the ImportKeyVersion operation to import asymmetric key version.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.