Onboarding External KMS

Steps to onboard users to the External Key Management System.

The External KMS onboarding process covers setting up network components, setting up a new user account, providing user permissions, configuring a private endpoint, and configuring network policies and IAM policies for accessing the vault and keys.

The following diagram is a workflow showing the steps involved in onboarding the External KMS feature:

Before you set up External KMS onboarding, you must complete the Thales CipherTrust Manager (CM) deployment steps as a prerequisite. As a next step, you must create the vault and its keys. For more information about Thales CM deployment, see CipherTrust Manager Deployment.

For more information about vaults and keys in Thales CM, see Managing External Vault and Managing External Keys.

Once you have deployed the third-party key management system, you must complete the following tasks to onboard to the OCI External KMS feature: