About Customer-Managed Keys on Autonomous Database in OCI Vault

Using customer-managed encryption keys on Autonomous Database in Oracle Cloud Infrastructure (OCI) Vault involves creating a master key in your OCI Vault and configuring your Autonomous Database instance to use encryption keys in the OCI Vault.

Follow these general steps:
  1. Create a master encryption key in your OCI Vault.
  2. Select customer-managed encryption keys from the Oracle Cloud Infrastructure Console:
    • For an existing database, select Manage Encryption Key on the Oracle Cloud Infrastructure Console.

    • While provisioning, under Advanced Options, on the Encryption Key tab select either Encrypt using customer-managed key in this tenancy or Encrypt using a customer-managed key located in a remote tenancy.

    • While cloning, under Advanced Options, on the Encryption Key tab select either Encrypt using customer-managed key in this tenancy or Encrypt using a customer-managed key located in a remote tenancy.

    See Use Customer-Managed Encryption Keys with Vault Located in Local Tenancy, Use Customer-Managed Encryption Key Located in a Remote Tenancy and Notes for Using Customer-Managed Keys with Autonomous Database for more information.