Oracle Cloud Infrastructure Documentation

Managing Vaults

This topic describes what you can do with vaults. For information about what you can do with keys, see Managing Keys.

Key Management lets you create one virtual private vault in any given tenancy. A virtual private vault provides you with a dedicated partition in a hardware security module (HSM), offering a level of storage isolation for encryption keys that’s effectively equivalent to a virtual independent HSM. As such, virtual private vaults have dedicated administration and users. They also restrict other tenants from accessing your encryption keys.

Vault management tasks include the following:

  • Creating a vault
  • Viewing vault configuration details
  • Updating the vault name
  • Managing vault tags
  • Deleting a vault

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in.

A policy is an IAM document that specifies who has what type of access to your resources. The term is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.

A compartment is a collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization.

For administrators: For typical policies that give access to keys and vaults, see Let security admins manage vaults and keys.

Also, be aware that a policy statement with inspect vaults gives the specified group the ability to see all information about the vaults. Likewise, a policy statement with inspect keys gives the specified group the ability to see all information about the keys. For more information, see Details for the Key Management Service.

If you're new to policies, see Getting Started with Policies and Common Policies.
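Because even an inspect statement exposes all information about vaults or keys, it is worth listing every subject that holds any verb on those resource types. The following is an added example, not Oracle code: a small Python check over policy statement text. The group names, compartment names and sample statements are constructed, and the parser assumes the common "Allow <subject> to <verb> <resource-type> in <scope>" form only.

```python
import re

# OCI policy verbs, least to most access; each verb includes the ones before it,
# so any of them grants at least what inspect grants.
VERBS = ("inspect", "read", "use", "manage")
# Resource types that cover vaults or keys; all-resources covers every type.
KMS_TYPES = {"vaults", "keys", "all-resources"}

# Assumption: statements use the plain verb form (no {PERMISSION} lists).
STATEMENT = re.compile(
    r"^\s*allow\s+(?P<subject>(?:dynamic-group|group)\s+.+?|any-user)\s+to\s+"
    r"(?P<verb>\w+)\s+(?P<rtype>[\w-]+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+.+)?\s*$",
    re.IGNORECASE,
)

def vault_key_visibility(statements):
    """Return (subject, verb, resource type, scope) for every statement that
    lets a subject see vault or key information (inspect or any higher verb)."""
    findings = []
    for text in statements:
        m = STATEMENT.match(text)
        if not m:
            continue  # not in the form this example parses; review by hand
        verb, rtype = m["verb"].lower(), m["rtype"].lower()
        if verb in VERBS and rtype in KMS_TYPES:
            findings.append((m["subject"], verb, rtype, m["scope"]))
    return findings

# Constructed sample statements, not taken from any real tenancy.
SAMPLE = [
    "Allow group SecurityAdmins to manage vaults in tenancy",
    "Allow group Auditors to inspect keys in compartment Finance",
    "Allow group NetworkAdmins to manage virtual-network-family in tenancy",
    "Allow group AppDevs to read all-resources in compartment Dev",
]

if __name__ == "__main__":
    for subject, verb, rtype, scope in vault_key_visibility(SAMPLE):
        print(f"{subject}: {verb} {rtype} in {scope}")
```

Statements that the pattern does not match are skipped rather than cleared, so review those separately.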

Tagging Resources

You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

Using the Console

To view vault configuration details
To create a new vault
To change a vault name
To manage a vault's tags
To delete a vault
To cancel the deletion of a vault

Using the Command Line Interface (CLI)

For information about using the CLI, see Command Line Interface (CLI). For a complete list of flags and options available for CLI commands, see CLI Help.

To view vault configuration details
To create a new vault
To create a new vault with resource tags
To change a vault name
To delete a vault
To cancel the deletion of a vault

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following operations to manage vaults: