Creating a Master Encryption Key
Create a vault master encryption key.
Open a command prompt and run
key create
to create a new key:oci kms management key create --compartment-id <target_compartment_id> --display-name <key_name> --key-shape <key_encryption_information> --endpoint <control_plane_url> --is-auto-rotation-enabled <true | false> --auto-key-rotation-details <schedule_interval_information>
For example, on a MacOS or Linux machine:
oci kms management key create --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --display-name key-1 --key-shape '{"algorithm":"AES","length":"16"}' --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com --is-auto-rotation-enabled enabled --auto-key-rotation-details '{"rotationIntervalInDays": 90, "timeOfScheduleStart": "2024-02-20T00:00:00Z"}'
Or, for example, on a Windows machine:
oci kms management key create --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --display-name key-1 --key-shape '{\"algorithm\":\"AES\",\"length\":\"16\"}' --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com
For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.
oci kms management key create --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --display-name key-1 --key-shape '{\"algorithm\":\"AES\",\"length\":\"16\"}' --protection-mode SOFTWARE --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the CreateKey operation to create a new vault master encryption key using the KMSMANAGMENT endpoint.
You can see the CreateKeyDetails operation for details of the key that you want to create.
Note
Each region uses the KMSMANAGMENT endpoint for managing keys. This endpoint is referred to as the control plane URL or vault management endpoint. For regional endpoints, see the API Documentation.For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.