Deleting Key References

• Console
• CLI
• API

• 1. Open the navigation menu , select Identity & Security, and then select External Key Management.
  2. On the External key Management home page, select a vault from the list.
  3. On the Vault Details page, select a key reference.
  4. On the Key Reference Details page, select Delete.
     Note
     
     OCI Key Management has a 7 day wait period for deleting a key reference. When you schedule a key reference for deletion, it goes to "pending deletion" state and all actions on the Key Reference Details page are disabled. Note that deleting a key reference doesn't delete the external key.

     .

• Open a command prompt and run oci kms management key schedule-deletion to delete a key reference:

  oci kms management key schedule-deletion –external-key-reference-id <target_key_id> --endpoint <control_plane_url>

  Avoid entering confidential information.

  For a complete list of flags and variable options for Vault CLI commands, see Command Line Reference.

• Use the ScheduleKeyDeletion API with the Management Endpoint to delete a key reference.

  Note
  
  

  The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.

  The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

  You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

  For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

  For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.