Manage Master Encryption Keys in Azure Key Vault
Autonomous Database supports customer-managed Transparent Data Encryption (TDE) keys that reside in Azure Key Vault.
- Prerequisites to Use Customer-Managed Encryption Keys in Azure Key Vault
  Describes prerequisite steps to use customer-managed master encryption keys on Autonomous Database that reside in Azure Key Vault.
- Use Customer-Managed Encryption Keys on Autonomous Database with Azure Key Vault
  Shows the steps to encrypt your Autonomous Database using customer-managed master encryption keys that reside in Azure Key Vault.
Prerequisites to Use Customer-Managed Encryption Keys in Azure Key Vault
Describes prerequisite steps to use customer-managed master encryption keys on Autonomous Database that reside in Azure Key Vault.
- Azure Key Vault is only supported in commercial regions.
- Cross-tenancy access, where the Autonomous Database instance and the Azure Key Vault are in different tenancies, is not supported.
- Azure Key Vault is not supported in cross-region standbys.
- Azure Key Vault is not supported in refreshable clones.
Follow these steps:
Use Customer-Managed Encryption Keys on Autonomous Database with Azure Key Vault
Shows the steps to encrypt your Autonomous Database using customer-managed master encryption keys that reside in Azure Key Vault.
Follow these steps:
The Lifecycle State changes to Updating. When the request completes, the Lifecycle State shows Available.
After the request completes, the Autonomous Database Information page in the Oracle Cloud Infrastructure Console shows the key information under the heading Encryption. This area shows the Encryption Key as Customer-managed key (Microsoft Azure) and displays the Vault URI and Key name.
See Notes for Using Customer-Managed Keys with Autonomous Database for more information.