Creating a Master Encryption Key
Create a vault master encryption key.
Open a command prompt and run
oci kms management key create
to create a new key:oci kms management key create --compartment-id <target_compartment_id> --display-name <key_name> --key-shape <key_encryption_information> --endpoint <control_plane_url>
For example, on a MacOS or Linux machine:
oci kms management key create --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --display-name key-1 --key-shape '{"algorithm":"AES","length":"16"}' --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com
Or, for example, on a Windows machine:
oci kms management key create --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --display-name key-1 --key-shape '{\"algorithm\":\"AES\",\"length\":\"16\"}' --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com
Avoid entering confidential information.
By default, the service creates a master encryption key protected by an HSM. If you prefer to create a master encryption key protected by software, specify the protection mode with
--protection-mode
. For example, on a Windows machine:oci kms management key create --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --display-name key-1 --key-shape '{\"algorithm\":\"AES\",\"length\":\"16\"}' --protection-mode SOFTWARE --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Run the CreateKey operation to create a new vault master encryption key.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.