Disabling a Vault Key
Learn how to disable a specified master encryption key. Note that when you disable a key, any data or resources that use the key are unusable.
- Open the navigation menu , select Identity & Security, and then select Vault.
- Under List scope, select a compartment that contains the vault that you want to disable.
- On the Vaults page, select the name of the vault to open its details page.
- Under Resources, select Master Encryption Key.
- Select Disable.
Open a command prompt and run
oci kms management key disableto disable a key:oci kms management key disable --key-id <target_key_id> --endpoint <control_plane_url>For example:
oci kms management key disable --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.comFor a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.
Use the DisableKey operation with the Management Endpoint to disable a vault key.
Note
The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.
The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.
You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.
For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.