Disabling a Vault Key
Disable a vault master encryption key. When you disable a key, any data or resources that use the key will be unusable.
- Open the navigation menu, select Identity & Security, and then select Vault.
- Under List scope, select a compartment that contains the vault that you want to disable.
- On the Vaults page, click the name of the vault to open its details page.
- Under Resources, click Master Encryption Key.
- Click Disable.
Open a command prompt and run
oci kms management key disable
to disable a key:oci kms management key disable --key-id <target_key_id> --endpoint <control_plane_url>
For example:
oci kms management key disable --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com
For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.
Run the DisableKey operation to disable the vault key using the KMSMANAGMENT endpoint.
Note
Each region uses the KMSMANAGMENT endpoint for managing keys. This endpoint is referred to as the control plane URL or vault management endpoint. For regional endpoints, see the API Documentation.For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.