Manage Master Encryption Keys in AWS Key Management Service
Autonomous Database supports customer-managed Transparent Data Encryption (TDE) keys that reside in AWS Key Management Service (KMS).
- Prerequisites to Use Customer-Managed Encryption Keys in AWS Key Management Service
Describes prerequisite steps to use customer-managed master encryption keys that reside in Amazon Web Services (AWS) Key Management Service (KMS) on Autonomous Database.
- Use Customer-Managed Encryption Keys on Autonomous Database with AWS Key Management Service
Shows the steps to encrypt your Autonomous Database using customer-managed master encryption keys that reside in AWS Key Management Service (KMS).
Prerequisites to Use Customer-Managed Encryption Keys in AWS Key Management Service
Describes prerequisite steps to use customer-managed master encryption keys that reside in Amazon Web Services (AWS) Key Management Service (KMS) on Autonomous Database.
- AWS KMS is only supported in commercial regions.
- Cross-tenancy access, where the Autonomous Database instance and AWS KMS are in different tenancies, is not supported.
- AWS KMS is not supported in cross-region standbys.
- AWS KMS is not supported in refreshable clones.
Follow these steps:
Use Customer-Managed Encryption Keys on Autonomous Database with AWS Key Management Service
Shows the steps to encrypt your Autonomous Database using customer-managed master encryption keys that reside in AWS Key Management Service (KMS).
Follow these steps:
The Lifecycle State changes to Updating. When the request completes, the Lifecycle State shows Available.
After the request completes, on the Oracle Cloud Infrastructure Console, the key information shows on the Autonomous Database instance details page under the heading Encryption.
See Notes for Using Customer-Managed Keys with Autonomous Database for more information.