Updating the Master Encryption Key Assigned to a Queue

Update a queue to use your own encryption key. You can use a different encryption key for each queue.

By default, all encryption-related matters are handled by Oracle, but you can manage your own encryption keys using OCI Vault. Vault allows you to bring your own Advanced Encryption Standard (AES) symmetric keys and manage, rotate, disable, and delete them as needed. For more information, see Overview of Vault and Managing Keys.

To use your own encryption key, first ensure that you have the required IAM policies and import your key.

Policy for Encryption Keys

To use your own encryption key, you must let the Queue service use a Vault key to encrypt data in queues. For example:

allow service queue to use keys in compartment ABC where target.key.id = '<key_OCID>'

If you're new to policies, see Getting Started with Policies and Common Policies. If you want to dig deeper into writing policies for the Queue service, see Queue Policies.

    1. Open the navigation menu and click Developer Services. Under Application Integration, click Queues.
    2. On the left side of the screen, click Queues.
    3. In the list of queues, click the name of the queue that you want to edit.
    4. On the queue's details page, click Configure queue.
    5. In the Configure queue panel, verify or change the encryption settings:
      • Oracle-managed key: Select this option to leave all encryption-related matters to Oracle.
      • Customer-managed key: Select this option to encrypt the queue using a key of your own that's stored in OCI Vault. This lets you rotate, disable, and delete it as needed. After selecting this option, choose the vault that contains the key, and the key itself.
    6. Click Save changes.
  • Use the oci queue queue-admin queue update command and required parameters to edit a queue's encryption settings:

    oci queue queue-admin queue update --queue-id <queue_OCID>

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the UpdateQueue operation to update a queue's encryption settings.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
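The policy statement and the queue's key setting have to agree: a queue pointed at a customer-managed key needs a statement that lets the Queue service use that key. The following check is an added example, not Oracle's code. It assumes queue records shaped like the `data` object printed by `oci queue queue-admin queue get`, with the key OCID in `custom-encryption-key-id`; the sample OCIDs and names are constructed placeholders.

```python
import re

# Matches the statement form shown on this page; the key condition is optional.
POLICY_RE = re.compile(
    r"^\s*allow\s+service\s+queue\s+to\s+use\s+keys\s+in\s+"
    r"(?:tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+target\.key\.id\s*=\s*'(?P<key>[^']+)')?\s*$",
    re.IGNORECASE,
)

def allowed_keys(statements):
    """Return (key OCIDs named in Queue-service grants, True if any grant has no key condition)."""
    keys, unscoped = set(), False
    for m in filter(None, map(POLICY_RE.match, statements)):
        if m.group("key"):
            keys.add(m.group("key"))
        else:
            unscoped = True  # grant covers every key in its scope
    return keys, unscoped

def audit(queues, statements):
    """Classify each queue by key management and policy coverage."""
    keys, unscoped = allowed_keys(statements)
    report = {}
    for q in queues:
        key = q.get("custom-encryption-key-id")
        if not key:
            report[q["display-name"]] = "oracle-managed"
        elif key in keys or unscoped:
            # Assumption: an unscoped grant is taken to cover the key;
            # the key's compartment is not checked here.
            report[q["display-name"]] = "customer-managed"
        else:
            report[q["display-name"]] = "customer-managed, no matching policy"
    return report

# Constructed sample data: placeholder OCIDs, not real resources.
SAMPLE_QUEUES = [
    {"display-name": "orders", "custom-encryption-key-id": "ocid1.key.oc1..exampleaaa"},
    {"display-name": "audit", "custom-encryption-key-id": "ocid1.key.oc1..examplebbb"},
    {"display-name": "scratch", "custom-encryption-key-id": None},
]
SAMPLE_POLICY = [
    "allow service queue to use keys in compartment ABC where target.key.id = 'ocid1.key.oc1..exampleaaa'",
    "allow group QueueAdmins to manage queues in compartment ABC",
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE_QUEUES, SAMPLE_POLICY).items():
        print(f"{name}: {status}")
```

A queue reported as "customer-managed, no matching policy" is the case to fix before saving the change, either by adding a statement for that key or by selecting a key the existing policy already covers.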