Creating a Master Encryption Key
Create a vault master encryption key.
Use the oci kms management key create command and required parameters to create a master encryption key:
oci kms management key create --compartment-id <target_compartment_id> --display-name <key_name> --key-shape <key_encryption_information> --endpoint <control_plane_url> --is-auto-rotation-enabled <true | false> --auto-key-rotation-details <schedule_interval_information>
For example:
oci kms management key create --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --display-name key-1 --key-shape '{"algorithm":"AES","length":"16"}' --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com --is-auto-rotation-enabled true --auto-key-rotation-details '{"rotationIntervalInDays": 90, "timeOfScheduleStart": "2024-02-20T00:00:00Z"}'
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
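The following dry-run helper is an added example, not part of Oracle's documentation: it validates the values that feed --key-shape and --auto-key-rotation-details, then prints the create command without contacting OCI. The function names are hypothetical. It assumes the key-shape length is expressed in bytes (so the 16 in the example above is AES-128 and AES-256 is 32) and a rotation interval of 60 to 365 days, per the Vault API reference rather than this page.

```bash
#!/usr/bin/env bash
# Added example: validate inputs and print the create command (dry run).
# Nothing here contacts OCI. Function names are hypothetical.

# The key-shape "length" is in bytes, so take bits and convert (AES-256 -> 32).
key_shape_json() {
  local alg="$1" bits="$2"
  case "$alg:$bits" in
    AES:128|AES:192|AES:256) ;;
    *) echo "unsupported key shape: $alg/$bits" >&2; return 1 ;;
  esac
  printf '{"algorithm":"%s","length":%s}' "$alg" "$((bits / 8))"
}

# Interval range 60..365 days is an assumption taken from the
# AutoKeyRotationDetails API reference; it is not stated on this page.
rotation_json() {
  local days="$1" start="$2"
  case "$days" in
    ''|0*|*[!0-9]*|????*) echo "interval must be a 1-3 digit integer" >&2; return 1 ;;
  esac
  if [ "$days" -lt 60 ] || [ "$days" -gt 365 ]; then
    echo "interval out of range (60-365): $days" >&2; return 1
  fi
  case "$start" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z) ;;
    *) echo "start must look like 2024-02-20T00:00:00Z" >&2; return 1 ;;
  esac
  printf '{"rotationIntervalInDays": %s, "timeOfScheduleStart": "%s"}' "$days" "$start"
}

# Endpoint pattern follows the page's example management URL.
create_key_cmd() {
  local compartment="$1" name="$2" endpoint="$3" bits="$4" days="$5" start="$6"
  local shape rotation
  case "$endpoint" in
    https://*-management.kms.*) ;;
    *) echo "not a vault management endpoint: $endpoint" >&2; return 1 ;;
  esac
  shape=$(key_shape_json AES "$bits") || return 1
  rotation=$(rotation_json "$days" "$start") || return 1
  printf "oci kms management key create --compartment-id %s --display-name %s --key-shape '%s' --endpoint %s --is-auto-rotation-enabled true --auto-key-rotation-details '%s'\n" \
    "$compartment" "$name" "$shape" "$endpoint" "$rotation"
}

# Constructed sample call; replace the placeholder before running the output.
create_key_cmd '<target_compartment_id>' key-1 \
  'https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com' 256 90 2024-02-20T00:00:00Z
```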
Run the CreateKey operation to create a new vault master encryption key using the KMSMANAGEMENT endpoint.
See CreateKeyDetails for details of the key that you want to create.
Note
Each region uses the KMSMANAGEMENT endpoint for managing keys. This endpoint is referred to as the control plane URL or vault management endpoint. For regional endpoints, see the API Documentation.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.