Disabling a Vault Key

Disable a vault master encryption key. When you disable a key, any data or resources that use the key will be unusable.

    1. Open the navigation menu, click Identity & Security, and then click Vault.
    2. Under List scope, select a compartment that contains the vault that you want to disable.
    3. On the Vaults page, click the name of the vault to open its details page.
    4. Under Resources, click Master Encryption Key.
    5. Click Disable.
  • Open a command prompt and run oci kms management key disable to disable a key:

    oci kms management key disable --key-id <target_key_id> --endpoint <control_plane_url>

    For example:

    
    oci kms management key disable --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Run the DisableKey operation to disable the vault key using the KMSMANAGMENT endpoint.

    Note

    Each region uses the KMSMANAGMENT endpoint for managing keys. This endpoint is referred to as the control plane URL or vault management endpoint. For regional endpoints, see the API Documentation.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.