Disabling Key References

Disabling key references in the OCI vault.

The "Disable" operation for a key and its key reference is a recoverable action as it can be enabled again. If an external key is disabled (temporarily unused state) on CipherTrust Manager (CM), you can disable its key reference in OCI KMS. As a result, the external key can no longer be used for cryptographic operations with Oracle data at rest.

    1. Open the Oracle Cloud Console navigation menu and click Identity & Security. Under Key Management and Secret Management, click External Key Management.
    2. In the External key Management home page, select a vault from the summary table.
    3. In the Vault Details page, select a key reference.
    4. In the Key Reference Details page, click Disable.

      After disabling a key reference, all actions on the key reference gets disabled. However, on enabling it again, the actions become enabled.

  • Open a command prompt and run oci kms management key disable to disable a key reference:

    oci kms management key disable –external-key-reference-id <target_key_id> --endpoint <control_plane_url>

    Avoid entering confidential information.

    For a complete list of flags and variable options for Vault CLI commands, see Command Line Reference.

  • Run the DisableKey operation to disable a key reference.


    For information about using the API and signing requests, see the API Documentation.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.