Assigning a Key to a Boot Volume

Assigning a key to a boot volume using the OCI Console and CLI interface.

• Console
• CLI
• API

• 1. Open the navigation menu and click Storage. Under Block Storage, click Block Volumes. In the Block Storage menu on the sidebar, click Boot Volumes.
  2. Under List Scope, in the Compartment list, choose the compartment that contains the boot volume that you want to encrypt with a Vault service master encryption key.
  3. From the list of volumes, click the volume name.

  4. Do one of the following:

     • If the volume already has a key assigned to it, next to Encryption Key, click Edit to assign a different key.
     • If the volume does not already have a key assigned to it, next to Encryption Key, click Assign.

  5. Choose the vault compartment, vault, key compartment, and key.

  6. When you are finished, click Assign or Update, as appropriate.

• Open a command prompt and run oci bv boot-volume-kms-key update to assign a new Vault service master encryption key to an existing boot volume:

  oci bv boot-volume-kms-key update --boot-volume-id <target_bootvolume_id> --kms-key-id <new_key_id>

  For example:

  
  oci bv boot-volume-kms-key update --boot-volume-id ocid1.bootvolume.oc1.sea.exampless6hvjs6j6mqwcdv4gfzhtanon3fsqyviqeh522be6wv7x7abz7pq --kms-key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq

  For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

• Run the OperationName operation to <task-being-performed>.

  For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.