Importing Key Material for an External Symmetric Key Version

Learn how to import key material as a new external key version.

    1. On the Master Encryption Keys list page, find the key that you want to work with. If you need help finding the list page, see Listing Keys.
    2. In the key list, select the Actions menu (three dots) for the key being rotated, and then select Rotate key. Note that importing external key material creates a new key version and rotates the key.
    3. In the Confirm dialog box, select the Import External Key Version option.
    4. Under External Key Data Source, provide the file that contains the wrapped key material.
    5. Select Rotate Key to complete the rotation.
  • Use the oci kms management key-version import command and required parameters to import key material for a new key version and rotate the target master encryption key:

    oci kms management key-version import --key-id <key_OCID> --wrapped-import-key <wrapped_key_material> --endpoint <kmsmanagement_control_plane_URL> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the ImportKeyVersion API with the Management Endpoint to import key material for a new key version and rotate the target master encryption key.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
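
A pre-flight wrapper for the CLI import command above, added here as an example and not Oracle's own code. It assumes that endpoint hostnames contain `-management.kms.` or `-crypto.kms.`, that key OCIDs start with `ocid1.key.`, and that `--wrapped-import-key` takes JSON with `keyMaterial` and `wrappingAlgorithm` fields read from a binary wrapped-key file; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Pre-flight checks for `oci kms management key-version import`.
# Assumed, not stated on the page: endpoint host naming, the ocid1.key. prefix,
# the keyMaterial/wrappingAlgorithm JSON fields and their two algorithm values.

# Succeed only for an HTTPS management (control plane) endpoint.
# This catches a management/crypto mix-up; it is not a trust check on the host.
is_management_endpoint() {
  case "$1" in
    https://*-crypto.kms.*) return 1 ;;      # data plane URL: wrong endpoint
    https://*-management.kms.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed only if the value looks like a key OCID.
is_key_ocid() {
  case "$1" in
    ocid1.key.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the JSON for --wrapped-import-key from a binary wrapped-key file.
build_wrapped_import_key() {
  local file="$1" alg="$2" material
  case "$alg" in
    RSA_OAEP_SHA256|RSA_OAEP_AES_SHA256) ;;
    *) echo "unsupported wrapping algorithm: $alg" >&2; return 1 ;;
  esac
  [ -s "$file" ] || { echo "missing or empty file: $file" >&2; return 1; }
  material=$(base64 < "$file" | tr -d '\n')
  printf '{"keyMaterial":"%s","wrappingAlgorithm":"%s"}\n' "$material" "$alg"
}

# Args: <key_OCID> <wrapped_key_file> <algorithm> <management_URL>
import_key_version() {
  is_key_ocid "$1" || { echo "not a key OCID: $1" >&2; return 1; }
  is_management_endpoint "$4" || { echo "not a management endpoint: $4" >&2; return 1; }
  local json
  json=$(mktemp) || return 1                 # mktemp creates the file mode 0600
  build_wrapped_import_key "$2" "$3" > "$json" || { rm -f "$json"; return 1; }
  oci kms management key-version import --key-id "$1" \
    --wrapped-import-key "file://$json" --endpoint "$4"
  local rc=$?
  rm -f "$json"
  return "$rc"
}

if [ "$#" -eq 4 ]; then import_key_version "$@"; fi
```

Because the import rotates the key, rejecting a cryptographic endpoint or a malformed OCID before the call avoids a failed or misdirected rotation attempt.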