Canceling a Master Encryption Key Deletion

Cancel deletion of a vault's master encryption key.

• Console
• CLI
• API

• Tip
  
  You can cancel the deletion of a key only when it is in a Pending Deletion state.

  1. Open the navigation menu, click Identity & Security, and then click Vault.
  2. Under List scope, select a compartment that contains the master encryption key that you want to cancel its deletion.
  3. On the Vaults page, click the name of the vault to open its details page.
  4. Under Resources, click Master Encryption Key and click the name of key to open its details page.
  5. Click Cancel Deletion.
  6. To confirm that you want to cancel deletion of the key, click Cancel Deletion.

     Access to the key and any resources or data encrypted by the key are restored when the key is again in Enabled state.

• Tip
  
  You can only cancel the deletion of a key that's in a Pending Deletion state.

  Open a command prompt and run oci kms management key cancel-deletion to cancel a key's scheduled deletion:

  oci kms management key cancel-deletion --key-id <target_key_id> --endpoint <control_plane_url>

  For example:

  
  oci kms management key cancel-deletion --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com

  For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

• Run the CancelKeyDeletion operation to cancel the deletion of a vault key using the KMSMANAGMENT endpoint.

  Note
  
  Each region uses the KMSMANAGMENT endpoint for managing keys. This endpoint is referred to as the control plane URL or vault management endpoint. For regional endpoints, see the API Documentation.

  For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.