How External KMS Works

Understand how External Key Management works.

The following diagram shows the External KMS workflow for an encryption/decryption operation:


External KMS workflow

  1. An OCI application or service sends an encryption/decryption request.
  2. The OCI External Key Management Service (KMS) forwards the request to the third-party key management system (Thales) deployed on the customer's premises.
  3. Thales performs the encryption/decryption operation on the data and sends the encrypted/decrypted data back to the OCI External KMS.
  4. The OCI External KMS forwards the response to the OCI application or service.