Re-encrypting a Bucket's Data Encryption Keys

To encrypt and decrypt all the data encryption keys with the same, most recent version of the assigned master encryption key, you can re-encrypt the bucket in Object Storage.

For more information, see Encrypting Data.

    1. Open the navigation menu and click Storage. Under Object Storage & Archive Storage, click Buckets.

      A list of the buckets in the compartment you're viewing is displayed. If you don’t see the one you're looking for, verify that you’re viewing the correct compartment (select from the list on the left side of the page).

    2. Click the name of the bucket for which you want to re-encrypt all data encryption keys.
    3. On the Bucket Details page, click Re-encrypt.

      If the button isn’t enabled, either the bucket is using a master encryption key managed by Oracle rather than a Vault master encryption key, or the bucket doesn’t contain any objects.

    4. In the confirmation dialog box, click Re-encrypt to generate a work request to re-encrypt all data encryption keys associated with the bucket.

    The Work Requests Details dialog box displays information about the work request, including the percentage completed and the work request ID. You can copy the work request ID to monitor the request status later.

  • This is the command used to re-encrypt a bucket:

    oci os bucket reencrypt --name <bucket_name>

    For example:

    
    oci os bucket reencrypt --name MyBucket
  • For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.

    When accessing the Object Storage API, the bucket name is used with the Object Storage namespace name to form the request URL:

    n/<object_storage_namespace>/b/<bucket>

    Use the ReencryptBucket operation to re-encrypt a bucket's data encryption keys.

    Note

    Two key properties are worthy of mention in the payload for CreateBucket and UpdateBucket APIs:

    • publicAccessType property controls whether the bucket is private or public and limits the capability to list public bucket contents.
    • objectEventsEnabled property controls if events are emitted for the objects in this bucket.
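
A pre-flight check for the two conditions that leave Re-encrypt unavailable (Oracle-managed key, empty bucket), which also reports the two properties from the note above. This is an added example, not Oracle's code: it assumes the JSON printed by `oci os bucket get --name <bucket_name> --fields approximateCount` with the CLI's kebab-case keys, the sample record and its OCID are constructed, and `preflight` is a hypothetical helper name.

```python
import json

# Constructed sample of `oci os bucket get --name MyBucket --fields approximateCount`
# output (the CLI prints kebab-case keys); the key OCID is a placeholder.
SAMPLE = json.dumps({"data": {
    "name": "MyBucket",
    "kms-key-id": "ocid1.key.oc1..exampleplaceholder",
    "approximate-count": 42,
    "public-access-type": "ObjectRead",
    "object-events-enabled": False,
}})


def preflight(cli_json):
    """Return (can_reencrypt, blockers, findings) for one bucket record."""
    bucket = json.loads(cli_json)["data"]
    blockers, findings = [], []

    # Re-encrypt applies only to buckets assigned a Vault master encryption key.
    if not bucket.get("kms-key-id"):
        blockers.append("bucket uses an Oracle-managed key, not a Vault key")

    # The object count is only returned when requested with --fields.
    count = bucket.get("approximate-count")
    if count is None:
        findings.append("object count unknown; request --fields approximateCount")
    elif count == 0:
        blockers.append("bucket contains no objects")

    # Properties called out in the note for CreateBucket and UpdateBucket.
    access = bucket.get("public-access-type", "NoPublicAccess")
    if access != "NoPublicAccess":
        findings.append(f"bucket is public ({access})")
    if not bucket.get("object-events-enabled"):
        findings.append("object events are not emitted for this bucket")

    return (not blockers, blockers, findings)


if __name__ == "__main__":
    ok, blockers, findings = preflight(SAMPLE)
    print("re-encrypt possible:", ok)
    for line in blockers + findings:
        print(" -", line)
```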