21. Vault use in OCI - Ayushi-srivastav/OCI GitHub Wiki
1. Create Vault
Click the burger menu on the left side, select Identity & Security, then go to Key Management & Secret Management and select Vault
Click on Create Vault
Select a compartment, choose a name, and click Create Vault
Vault is created (Test_vault)
2. Create Vault Key
Open the vault, scroll down, click Master Encryption Keys, and select Create Key
Select the compartment and Protection Mode, then click Create Key
Key is created (Test_vault_keys)
Click the three-dot option on the right side of the created vault key and select the Rotate Key option
Confirm the rotate key option
To view the key details, click the three-dot option on the right side of the created key and select View Key Details
The screen below shows the versions of the key
3. Replace Oracle-managed keys with vault keys
Open the boot volume and click the Assign option next to Encryption Key
Select the created vault and vault key, then click Assign
It's clear that we currently lack the necessary permissions to change keys in the volume.
Therefore, our first step should be to create a policy that grants the required permissions.
Next, we add this policy:
allow service blockstorage to use keys in compartment Admincompute_comp
Now try again to assign the vault key
Finally, the vault key is assigned to the volume
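The permission failure in step 3 can be caught before clicking Assign by checking the policy text itself. The following is an added example, not part of the original wiki or of any Oracle tooling: a small offline check that a list of policy statements lets the Block Volume service use keys in the target compartment, and that flags grants broader than the statement above. The function name is hypothetical, and it assumes only the plain `allow service ... to <verb> <resource> in tenancy|compartment <name>` form, with no `where` conditions and no compartment inheritance.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most privileged
KEY_RESOURCES = {"keys": 0, "key-family": 1, "all-resources": 2}  # narrow to broad

# Handles only: allow service <svc[,svc]> to <verb> <resource> in tenancy|compartment <name>
STATEMENT = re.compile(
    r"^\s*allow\s+service\s+(?P<service>[\w,\s-]+?)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+(?P<scope>tenancy|compartment\s+(?P<comp>\S+))\s*$",
    re.IGNORECASE,
)

def check_blockstorage_key_access(statements, compartment):
    """Return (granted, warnings) for Block Volume's use of keys in `compartment`."""
    granted, warnings = False, []
    for text in statements:
        m = STATEMENT.match(text)
        if not m:
            continue  # other statement forms (groups, 'where' conditions) are skipped
        services = [s.strip().lower() for s in m["service"].split(",")]
        verb, resource = m["verb"].lower(), m["resource"].lower()
        tenancy_wide = m["scope"].lower() == "tenancy"
        if "blockstorage" not in services or resource not in KEY_RESOURCES:
            continue
        if verb not in VERBS:
            continue
        if not tenancy_wide and m["comp"] != compartment:
            continue  # grant is for a different compartment
        if VERBS.index(verb) < VERBS.index("use"):
            warnings.append(f"too weak, needs at least 'use': {text}")
            continue
        granted = True
        if verb == "manage" or KEY_RESOURCES[resource] > 0 or tenancy_wide:
            warnings.append(f"broader than the page's statement: {text}")
    return granted, warnings

if __name__ == "__main__":
    page_policy = ["allow service blockstorage to use keys in compartment Admincompute_comp"]
    constructed = [  # constructed samples, not from the page
        "allow service blockstorage to read keys in compartment Admincompute_comp",
        "Allow service blockstorage to manage key-family in tenancy",
    ]
    print(check_blockstorage_key_access(page_policy, "Admincompute_comp"))
    print(check_blockstorage_key_access(constructed, "Admincompute_comp"))
```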