10_1 ‐ Using OCI Vault for Boot & Block Volume Encryption - SanjeevOCI/Ocidocs GitHub Wiki

🔐 Using OCI Vault for Boot & Block Volume Encryption

Secure your compute resources by creating Vaults, managing Encryption Keys, and applying them to Boot and Block Volumes in OCI.

Open the Search Menu and search for Vault → click the Vault option
Alternatively: ☰ → Identity & Security → Key Management & Secret Management

Vault Creation - Access Menu Figure 1. Navigate to Vault service

Vault Access Page Figure 2. Vault dashboard

Click Create Vault → Provide name, compartment, and select Default Management type.

Create Vault Wizard Figure 3. Start vault creation

Vault Details Figure 4. Configure vault name and compartment

Vault Options Figure 5. Select vault type

Vault Created Figure 6. Vault successfully created

Once the vault is created, navigate inside it and click Create Key.

Create Key Figure 7. Create a new key

Key Options Figure 8. Provide key name and type

Key Created Figure 9. Key creation completed

Rotating keys quarterly or biannually ensures new data is encrypted with the latest version of the key. Existing data remains accessible.

Key Rotation Menu Figure 10. Rotate keys from key actions menu

Rotate Key Steps Figure 11. Confirm rotation

Rotate Key Confirmation Figure 12. Rotation progress

Rotate Key Done Figure 13. Key rotated successfully

Rotate Key Final Figure 14. Key version history

☰ → Storage → Boot Volumes → Select volume → Encryption Key → Assign

Boot Volume Encryption - Start Figure 15. Boot volume details

Assign Encryption Key Figure 16. Assign KMS key

If you encounter permission errors, create a policy that allows Block Storage to use keys in the Vault compartment:

Allow service blockstorage to use keys in compartment <vault-compartment-name>