If your organization's security policies require customer-managed encryption keys, you can configure Autonomous Database to use an Oracle Cloud Infrastructure Vault master encryption key. With customer-managed master encryption keys, Autonomous Database uses the master encryption key to generate the TDE master key.

• About Customer-Managed Keys on Autonomous Database in OCI Vault
  Using customer-managed encryption keys on Autonomous Database in Oracle Cloud Infrastructure (OCI) Vault involves creating a master key in your OCI Vault and configuring your Autonomous Database instance to use encryption keys in the OCI Vault.
• Prerequisites to Use Customer-Managed Encryption Keys on Autonomous Database in OCI Vault
  Perform these prerequisite steps to use customer-managed keys on Autonomous Database in OCI Vault:
• Use Customer-Managed Encryption Keys with Vault Located in Local Tenancy
  Shows the steps to select customer-managed master encryption keys on Autonomous Database. If you are using customer-managed master encryption keys, follow these steps to rotate the master keys.
• Use Customer-Managed Encryption Key Located in a Remote Tenancy
  Shows the steps to select customer-managed master encryption keys from a Vault on a remote tenancy.
• Rotate Customer-Managed Encryption Keys on Autonomous Database in OCI Vault
  Describes how to rotate customer-managed encryption keys on Autonomous Database in OCI Vault.