Creating a Boot Volume Encrypted with a Vault key

Create a boot volume that's encrypted with a Vault key using the Command Line Interface (CLI) and API interfaces.

  • This task is not available in the OCI Console.

  • Open a command prompt and run oci bv boot-volume create to create a boot volume that is encrypted with a Vault service master encryption key:

    oci bv boot-volume create --display-name <volume_name> --compartment-id <target_compartment_id> --size-in-gbs <volume_size> --availability-domain <target_availability_domain> --kms-key-id <target_key_id>

    For example:

    oci bv boot-volume create --display-name EncryptedBlockVolume --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --size-in-gbs 50 --availability-domain AAbC:US-ASHBURN-AD-1 --kms-key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Run the CreateBootVolume operation to create a boot volume using a vault key.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.