Creating a Compute Instance with an Encrypted Boot Volume

Create a compute instance with an encrypted boot volume using the OCI Console or the CLI.

    1. Open the navigation menu and click Compute. Under Compute, click Instances.
    2. Under List Scope, in the Compartment list, choose the compartment where you want to create an instance with a boot volume that's encrypted with a Vault service master encryption key.
    3. Click Create Instance, and then follow the instructions in Launching an Instance.

    1. First, create the JSON input for configuring the instance and boot volume: Open a command prompt and run oci compute instance launch --generate-full-command-json-input.
    2. Copy, and then paste the output from the command into a text file for editing. Edit the JSON to provide values appropriate for your tenancy and desired image operating system and instance shape. The following example shows the minimum settings required to create an instance and encrypted boot volume.

      {
        "availabilityDomain": "ABcD:US-ASHBURN-AD-1",
        "compartmentId": "ocid1.tenancy.oc1..examplea54hlbsiugecvb4g67tnth7ouk4iivkpysfauxcetd55uiunrykhq",
        "displayName": "InstanceWithEncryptedBootVolume",
        "metadata": {},
        "shape": "VM.Standard1.1",
        "subnetId": "ocid1.subnet.oc1.iad.exampleaurihk3x3yl2vcvb53uz22zgauoujtcwvtbxvfauxdvsjmdfv4dza",
        "sourceDetails": {
          "sourceType": "image",
          "imageId": "ocid1.image.oc1.iad.exampleaeookczfwutjxzcvb2gcdgdx4yk6xls7d5fhtlfauxzpaxdedny4a",
          "kmsKeyId": "ocid1.key.oc1.iad.exampleoaaeug.examplera4soq2vescvbjmwredhewtto7rlfauxhvme73y7jayxx6rpaenlq"
        }
      }

      Avoid entering confidential information in the instance name.

    3. Save the file with a ".json" file extension.
    4. In the command prompt, run oci compute instance launch --from-json file://<file_path>, providing the location of the file you saved in the previous step. For example: oci compute instance launch --from-json file://c:\temp\compute-boot-volume.json.
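A pre-flight check for the JSON file saved in step 3, to confirm it actually requests a Vault key before it is passed to --from-json. This is an added example, not Oracle's code; the function names, the sample OCIDs and the same-realm/same-region expectation are assumptions made here.

```python
import json

# Constructed launch file in the page's format; every OCID is a made-up placeholder.
SAMPLE = json.dumps({
    "availabilityDomain": "ABcD:US-ASHBURN-AD-1",
    "compartmentId": "ocid1.compartment.oc1..exampleuniqueid",
    "displayName": "InstanceWithEncryptedBootVolume",
    "shape": "VM.Standard1.1",
    "subnetId": "ocid1.subnet.oc1.iad.exampleuniqueid",
    "sourceDetails": {
        "sourceType": "image",
        "imageId": "ocid1.image.oc1.iad.exampleuniqueid",
        "kmsKeyId": "ocid1.key.oc1.iad.examplevault.exampleuniqueid",
    },
})

def ocid_fields(ocid):
    """Split ocid1.<type>.<realm>.[region].<unique id>; return None if malformed."""
    parts = str(ocid).split(".")
    if len(parts) < 5 or parts[0] != "ocid1":
        return None
    return {"type": parts[1], "realm": parts[2], "region": parts[3]}

def check_launch_json(text):
    """Return findings; an empty list means the file names a Vault key for the boot volume."""
    cfg = json.loads(text)
    src = cfg.get("sourceDetails") or {}
    findings = []
    if "kmsKeyId" in cfg:
        findings.append("kmsKeyId is at the top level; the page's example puts it in sourceDetails")
    if src.get("sourceType") != "image":
        findings.append("sourceType is not 'image'; this check only covers image launches")
    key = ocid_fields(src.get("kmsKeyId", ""))
    if not src.get("kmsKeyId"):
        findings.append("sourceDetails.kmsKeyId is missing; no Vault key is requested")
    elif key is None or key["type"] != "key":
        findings.append("sourceDetails.kmsKeyId is not a key OCID")
    else:
        subnet = ocid_fields(cfg.get("subnetId", ""))
        # Assumption: the key should sit in the same realm and region as the subnet.
        if subnet and (key["realm"], key["region"]) != (subnet["realm"], subnet["region"]):
            findings.append("key and subnet OCIDs name different realms or regions")
    return findings

if __name__ == "__main__":
    for finding in check_launch_json(SAMPLE) or ["OK: Vault key set for the boot volume"]:
        print(finding)
```

To check a real file, pass its contents to check_launch_json() in place of SAMPLE.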
  • Run the OperationName operation to create a compute instance with an encrypted boot volume.