HeatWave: Encryption-at-rest with user-managed encryption key

HeatWave DB systems use Oracle Cloud Infrastructure (OCI) block and object storage services for storing data and backups. OCI encrypts each block volume and object with a data encryption key (DEK). DEKs are always encrypted with another key before they are stored. By default, HeatWave uses Oracle-managed keys to encrypt the DEKs. You can now provide your own keys to encrypt the DEKs. You must create or import your keys into OCI Key Management Service (KMS) and grant the necessary permissions for HeatWave to access and use the keys.

For more information, see Advanced Option: Encryption Key, Updating Encryption Key, and Key Management.