Managing Keys
Create and manage vault keys and key versions.
For information specifically about creating vault keys with your own key material, see Importing Vault Keys and Key Versions. For information about assigning keys to protect supported resources, see Assigning Master Encryption Keys. For information about how you can use keys in cryptographic operations, see Using Master Encryption Keys. For information about backing up and restoring keys, see Backing Up and Restoring Vaults and Keys. For information about what you can do with vaults where you store keys, see Managing Vaults. For information about keys more generally, see Key and Secret Management Concepts.
Managing vault keys include the following configurations:
- Getting a vault's key details
- Create a key
- View key details
- View a list of keys
- View a list of key versions for a specific key
- Manage key tags
- Enable keys for use in vault cryptographic operations
- Rotate keys to generate vault cryptographic material
- Disable keys to prevent their usage in vault cryptographic operations
- Delete keys to permanently prevent their usage in vault cryptographic operations or assignment to resources
- Move a key to a new compartment
For enhanced control and visibility over your vault encryption keys, the External Key Management (EKM) feature in Vault enables you to manage your keys in a third-party key management system outside of Oracle cloud. EKM is only available in the US West (San Jose) region. To enable EKM in your tenancy, contact Oracle sales.
Required IAM Policy
If you're new to policies, see Managing Identity Domains and Common Policies.
Tagging Resources
This section describes how to assign Vault keys and remove key assignments using Console, and API
Apply tags to resources to help organize them according to business needs. Apply tags at the time you create a resource, or update the resource later with the wanted tags. For general information about applying tags, see Resource Tags.
Monitoring Resources
This section describes how to monitor your Vault resources.
You can monitor your vault resources.
Moving Resources to a Different Compartment
Learn how to move Vault resources such as keys to different compartment.
You can move keys from one compartment to another. After you move a key to a new compartment, inherent policies apply immediately and affect access to the key and key versions. Moving a key doesn't affect access to the vault that a key is associated with. Similarly, you can move a vault from one compartment to another independently of moving any of its keys. For more information, see Managing Compartments.