Creating a Master Encryption Key

Learn how to create a master encryption key in OCI's Key Management service .

Note the following when creating master encryption keys:

  • Auto-rotation: When you create a master encryption key in a virtual private vault, you have the option of enabling automatic key rotation. See the Automatic Key Rotation section of the Key and Secret Management Concepts topic for complete details. See Enabling and Updating Auto Key Rotation for instructions on updating auto-rotation settings.

  • Available algorithms: You can select from the following algorithms when creating a key:
    • AES: Advanced Encryption Standard (AES) keys are symmetric keys that you can use to encrypt data at rest.
    • RSA: Rivest-Shamir-Adleman (RSA) keys are asymmetric keys, also known as key pairs that consists of a public key and a private key. You can use them to encrypt data in transit, to sign data, and to verify the integrity of signed data.
    • ECDSA: Elliptic curve cryptography digital signature algorithm (ECDSA) keys are asymmetric keys that you can use to sign data and to verify the integrity of signed data.

For more information on keys in OCI's Key Management service, see Keys in the the Key and Secret Management Concepts topic.

Was this article helpful?