Replicating a Vault and Its Keys
Learn how to replicate a vault and its keys.
Virtual vaults created before the cross-region vault replication feature was introduced can't be replicated across regions. However, all private vaults support cross region replication. You can use the GetVault API's isVaultReplicable parameter to find if a virtual vault supports cross region replication. Create a new vault and new keys if you have a vault that you need to replicate in another region and replication isn't supported for that vault. Existing keys can't be copied to a new vault.
You can only replicate active virtual private vaults and active, enabled, or disabled keys.
- Open the navigation menu , select Identity & Security, and then select Vault.
- Under List Scope, in the Compartment list, select the name of the compartment that contains the vault that you want to replicate.
- From the list of vaults in the compartment, select the name of the vault that you're interested in.
- Select Replicate Vault.
- In the Replicate Vault dialog box, select a destination region from the list, and then select Create Replica.
Use the oci kms management vault create-vault-replica command and required parameters to create a replica for the vault in another region in the same realm.
oci kms management vault create-vault-replica --replica-region target_region_id --vault-id vault_idFor a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Use the CreateVaultReplica API to create a replica for the vault in another region in the same OCI realm.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.