Oracle Cloud Infrastructure Documentation

Creating a Vault

Learn how to create a vault in OCI External Key Management.

To create a vault in KMS side, you need the following details:
  • The external vault endpoint URL
  • Private endpoint OCID
  • Oauth metadata (IDCS URL, client application ID and client application secret)
Note

You must associate the confidential client app to identity domain, and this app is bound to confidential resource app (external key management) for authorization
    1. Open the navigation menu , select Identity & Security, and then select External Key Management.
    2. On the External key Management home page, select Create Vault.
    3. On the Create Vault page, provide the following details:
      • Name: Enter a name for the vault.
      • Description: Provide a short description.
      • Create in Compartment: Select a compartment for the OCI KMS vault.
      • IDCS Account Name URL: Enter the authentication URL that you use to access the KMS service. The Console redirects to a sign in screen.
      • Key Manager Vendor: Select a third-party vendor that deploys key management service. OCI External Key Managmement supports Thales external key management systems.
      • Client application ID:. Enter the OCI KMS client ID generated when you register the confidential client application in Oracle Identity Domain.
      • Client application secret: Enter the Secret ID of the confidential client application registered in the Oracle Identity Domain.
      • Private endpoint in compartment: Select the private endpoint GUID of the external key management.
      • External Vault URL: Enter the vault URL that was generated when you created vault in external key management.
    4. Select Create.

      After you create the vault, you can access the Vault Details page to see the status set as "ACTIVE."

      You can use the actions at the page top to rename, move resource, add tags, or delete vault. For more information, see Move Vault, Add TagsDelete Vault, and Cancel Vault Deletion.

  • Open a command prompt and run oci kms management vault create to create a new vault:

    oci kms management vault create –external-key-manager-metadata

    For example:

    
oci kms management vault create vault-1

    Avoid entering confidential information.

    For a complete list of flags and variable options for Vault CLI commands, see Command Line Reference.

  • Use the CreateVault API to create an external vault.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.