How External KMS Works
Understand how External Key Management works.
The following diagram shows the External KMS workflow for an encryption/decryption operation:
- An OCI application or service sends an encryption/decryption request.
- OCI External Key Management Service (KMS) then forwards the request to the third-party key management system (Thales) deployed on the customer's premises.
- Thales then performs the encryption/decryption operation on the data and sends the encrypted/decrypted data back to OCI External KMS.
- OCI External KMS forwards the response to the OCI application or service.