Managing Vaults
Create and manage vaults as logical containers for encrypting keys and secrets.
For information specifically about backing up and restoring vaults, see Backing Up and Restoring Vaults and Keys. For information about configuring cross-region replication for vaults and keys, see Replicating Vaults and Keys. For information about what you can do with keys, see Managing Keys. For information about what you can do with vault secrets, see Managing Vault Secrets.
The Vault service lets you create vaults in your tenancy as containers for encryption keys and secrets. If needed, a virtual private vault provides you with a dedicated partition in a hardware security module (HSM), offering a level of storage isolation for encryption keys that's effectively equivalent to a virtual independent HSM.
Vault key management includes the following configurations:
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
If you're new to policies, see Getting Started with Policies and Common Policies.
Tagging Resources
Apply tags to resources to help organize them according to business needs. Apply tags at the time you create a resource, or update the resource later with the wanted tags. For general information about applying tags, see Resource Tags.
Moving a Vault to a Different Compartment
You can move vaults from one compartment to another. After you move a vault to a new compartment, inherent policies apply immediately and affect access to the vault. Moving a vault doesn't affect access to any keys or secrets that the vault contains. You can move a key or secret from one compartment to another independently of moving the vault it's associated with.