18. Vault and attaching keys to Block Volume - CloudDarsh/OracleCloud GitHub Wiki
Vault
OCI Vault is a key management service that stores and manages the encryption keys and secrets used to protect access to resources.
Creating a Vault
Click on Create Vault.
Select the compartment in which the vault is to be created, and click on Create Vault.
Creating a Key
Once the vault is created, we have to create a key, so click on the created vault to open it.
While creating a key, we get two options for the protection mode (HSM, Software).
Where a key is stored and processed depends on its protection mode.
For the key shape there are also three options, but usually we go with AES.
Key created
Attaching the key to Block Volume
Now we have to attach the newly created key to the block volume.
Go to the existing block volume and click on Assign.
Select the vault we created and the key, and assign it.
We might get an error like this while assigning the key. This error means that the compartment containing our block volume does not have permission to manage keys, so we have to create a policy to grant this permission.
Creating a Policy for Permission to attach the key to Block Volume
Go to Identity and Security --> Policy --> Create Policy.
Write the policy statement and create the policy.
Once the policy is created, try again to assign the key to the block volume.
Now we can see that the key is assigned to the Block Volume.
From time to time, as per requirement, we have to rotate the keys for security purposes.
The steps to rotate the key are -->
Go to the created vault --> Go to the key --> Rotate Key