Editing a Key to a Block Volume

Editing a key to a block volume.

  • Important

    The Block Volume service does not support encrypting volumes with keys encrypted using the Rivest-Shamir-Adleman (RSA) algorithm. When using your own keys, you must use keys encrypted using the Advanced Encryption Standard (AES) algorithm. This applies to block volumes and boot volumes.
    1. Open the navigation menu and click Storage. Under Block Storage, click Block Volume Backups.
    2. Under List Scope, in the Compartment list, choose the compartment that contains the block volume that you want to encrypt with a Vault service master encryption key.
    3. From the list of volumes, click the volume name.
    4. Then, do one of the following:

      • If the volume already has a key assigned to it, next to Encryption Key, click Edit to assign a different key.
      • If the volume does not already have a key assigned to it, next to Encryption Key, click Assign.
    5. Choose the vault compartment, vault, key compartment, and key.

    6. When you are finished, click Assign or Update, as appropriate.

  • Open a command prompt and run oci bv volume-kms-key update to assign a new Vault service master encryption key to an existing block volume:

    oci bv volume-kms-key update --volume-id <target_blockvolume_id> --kms-key-id <new_key_id>

    For example:

    
    oci bv volume-kms-key update --volume-id ocid1.volume.oc1.sea.examplerwzq7bnohn5vf6b7k4zkp54miqfcvg6xsuvkllgzzw63mfuu6z5fa --kms-key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Run the UpdateVolumeKmsKey operation to update a key for a block volume.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.