Re-encrypting an Object Storage Bucket's Data Encryption Keys

Re-encrypt the unique data encryption key that encrypts each object written to an Object Storage bucket by using the most recent version of the master encryption key.

For more information, see Object Storage Data Encryption.

    1. Open the navigation menu and click Storage. Under Object Storage & Archive Storage, click Buckets.
    2. Select the compartment from the list under List Scope. All buckets in that compartment are listed in tabular form.
    3. Select the bucket for which you want to re-encrypt all data encryption keys. The bucket's Details page appears.
    4. Click Re-encrypt.
      Note

      If the Re-encrypt button isn't enabled, either the bucket is using a master encryption key managed by Oracle rather than a Vault master encryption key, or the bucket doesn't contain any objects.

    5. Confirm the re-encryption. Clicking Re-encrypt generates a work request to re-encrypt all data encryption keys associated with the bucket.

    The Work Requests Details dialog box displays information about the work request, including the percentage completed and the work request OCID. You can copy the work request OCID to monitor the request status later.

  • Use the oci os bucket reencrypt command and required parameters to re-encrypt the unique data encryption key that encrypts each object written to the bucket by using the most recent version of the master encryption key assigned to the bucket.

    oci os bucket reencrypt --name bucket_name [OPTIONS]

    For example:

    
    oci os bucket reencrypt --name MyBucket

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the ReencryptBucket operation to re-encrypt the unique data encryption key that encrypts each object written to the bucket by using the most recent version of the master encryption key assigned to the bucket.

    When accessing the Object Storage API, the bucket name is used with the Object Storage namespace name to form the request URL:

    n/object_storage_namespace/b/bucket
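
To monitor the work request that a re-encryption generates, using the work request OCID copied as described above, the following added example (not part of the original documentation) polls the request until it reaches a final state. It assumes a configured OCI CLI, the `oci os work-request get` command with the global `--query` and `--raw-output` options, and the status names shown in the comments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: wait for a bucket re-encryption work request to finish.
# Assumes a configured OCI CLI; the status names below are the Object Storage
# work request states as assumed for this example.

# Exit code: 0 = finished, 1 = failed or unknown (fail closed), 2 = still running.
classify_status() {
  case "$1" in
    COMPLETED) return 0 ;;
    ACCEPTED|IN_PROGRESS|CANCELING) return 2 ;;
    *) return 1 ;;   # FAILED, CANCELED, or anything unexpected
  esac
}

# Usage: wait_for_work_request <work_request_ocid> [interval_seconds] [max_polls]
# Returns 0 when COMPLETED, 1 on failure or CLI error, 2 on timeout.
wait_for_work_request() {
  wr_id="$1"; wr_interval="${2:-10}"; wr_max="${3:-360}"; wr_polls=0
  while [ "$wr_polls" -lt "$wr_max" ]; do
    wr_status=$(oci os work-request get --work-request-id "$wr_id" \
      --query 'data.status' --raw-output) || return 1
    echo "work request $wr_id: $wr_status" >&2
    wr_rc=0; classify_status "$wr_status" || wr_rc=$?
    [ "$wr_rc" -eq 2 ] || return "$wr_rc"
    wr_polls=$((wr_polls + 1))
    sleep "$wr_interval"
  done
  echo "timed out waiting for $wr_id" >&2
  return 2
}

# Run only when an OCID is passed on the command line.
[ "$#" -eq 0 ] || wait_for_work_request "$@"
```

A non-zero exit code means the re-encryption did not finish, so some data encryption keys may not yet be encrypted with the most recent master encryption key version.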