Oracle Cloud Infrastructure Documentation

Getting Master Encryption Key Details

Learn how to get details for a specific master encryption key.

    1. Open the navigation menu , select Identity & Security, and then select Vault.
    2. Under List scope, select the compartment that contains the key.
    3. From the list of vaults in the compartment, select a vault name.
    4. Select Master Encryption Key, and then select the name of the key to open its details page.
    The Key Information section displays the following information:
    • OCID: The unique, Oracle-assigned ID of the key.
    • Created: The date and time when you initially created the key.
    • Compartment: The name of the compartment that contains the key.
    • Vault: The name of the vault that contains the key.
    • Algorithm: Specifies the algorithm selected at the time of creation.
    • Length: Specifies the key length defined at the time of creation.
    • Auto rotation: Specifies whether the auto rotation setting is enabled or disabled for the key.
    • Last successful auto rotation: The date and time of the last successful auto rotation for the key.
    • Next auto rotation: The date and time when the key is eligible for the next scheduled rotation.

  • Open a command prompt and run oci kms management key rotate to rotate a key

    oci kms management key get [OPTIONS]

    For example:

    oci kms management key create --generate-param-json-input key-shape > key-shape.json

    Cryptographic operations involving objects that were encrypted with the previous version of this key will continue to use the older key version. You can re-encrypt those objects with the current key version if you prefer.

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Use the GetKey API with the Management Endpoint to get information about a specified master encryption key.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.