Importing Key Material as an External Key Version

This section describes how to import the key material as a new external key version by using Console.

• Console
• CLI
• API

• 1. Open the navigation menu, click Identity & Security, and then click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault with the key you want to rotate.
  3. From the list of vaults in the compartment, click the vault name.
  4. Click Master Encryption Keys, and then click the name of the master encryption key that you want to rotate to a new key version.
  5. Under Resources, click Versions, and then, in the list of keys, click Rotate Key. (You can only rotate keys in an enabled state.)
  6. In the Confirm dialog box, select the Import External Key Version check box.
  7. Under External Key Data Source, provide the file that contains the wrapped key material.
  8. When you're ready, click Rotate Key.

• Open a command prompt and run oci kms management key-version import to import the wrapped AES key material as a new key version for an existing key:

  
  oci kms management key-version import --key-id <key_OCID> --wrapped-import-key <wrapped_key_material>

  For example:

  oci kms management key-version import --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --wrapped-import-key file://./wrapped_import_key.json

  For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

• Run the ImportKeyVersion operation to import key as an external key version.

  For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.