Editing a Key to a Block Volume
Editing a key to a block volume.
- Important
The Block Volume service does not support encrypting volumes with keys encrypted using the Rivest-Shamir-Adleman (RSA) algorithm. When using your own keys, you must use keys encrypted using the Advanced Encryption Standard (AES) algorithm. This applies to block volumes and boot volumes.- Open the navigation menu and click Storage. Under Block Storage, click Block Volume Backups.
- Under List Scope, in the Compartment list, choose the compartment that contains the block volume that you want to encrypt with a Vault service master encryption key.
- From the list of volumes, click the volume name.
-
Then, do one of the following:
- If the volume already has a key assigned to it, next to Encryption Key, click Edit to assign a different key.
- If the volume does not already have a key assigned to it, next to Encryption Key, click Assign.
-
Choose the vault compartment, vault, key compartment, and key.
-
When you are finished, click Assign or Update, as appropriate.
Open a command prompt and run
oci bv volume-kms-key update
to assign a new Vault service master encryption key to an existing block volume:oci bv volume-kms-key update --volume-id <target_blockvolume_id> --kms-key-id <new_key_id>
For example:
oci bv volume-kms-key update --volume-id ocid1.volume.oc1.sea.examplerwzq7bnohn5vf6b7k4zkp54miqfcvg6xsuvkllgzzw63mfuu6z5fa --kms-key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq
For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.
Run the UpdateVolumeKmsKey operation to update a key for a block volume. For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.