To Replicate a Vault and Its Keys

Learn how to replicate a vault and its keys.

Virtual vaults created before the cross-region vault replication feature was introduced can't be replicated across regions. However, all private vaults support cross region replication. You can use the GetVault API's isVaultReplicable parameter to find if a virtual vault supports cross region replication. Create a new vault and new keys if you have a vault that you need to replicate in another region and replication isn't supported for that vault. Existing keys can't be copied to a new vault.

Note

You can only replicate active virtual private vaults and active, enabled, or disabled keys.
    1. Open the navigation menu, select Identity & Security, and then select Vault.
    2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that you want to replicate.
    3. From the list of vaults in the compartment, click the name of the vault that you are interested in.
    4. Click Replicate Vault.
    5. In the Replicate Vault dialog box, choose a destination region from the list, and then click Create Replica.
  • Use the oci kms management vault create-vault-replica command and required parameters to create a replica for the vault in another region in the same realm.

    oci kms management vault create-vault-replica --replica-region target_region_id --vault-id vault_id

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the Create Vault Replica operation to create a replica for the vault in another region in the same realm.