Oracle Cloud Infrastructure Documentation

Updating the Master Encryption Key Assigned to a Stream Pool

Change a stream pool's master encryption key.

To review requirements for creating and managing streams, see Getting Started with Streaming.

    1. On the Stream Pools list page, select the stream pool that you want to work with. If you need help finding the list page or the stream pool, see Listing Stream Pools.
    2. On the details page, select Edit Settings.
    3. To encrypt the data in the streams in this stream pool by using your own Vault encryption key, select Encrypt using customer-managed keys. To use the Vault service for your encryption needs, you need access to a vault and key, and you must allow the service to use the key.
      • Vault: Select the vault that contains the master encryption key that you want to use.
      • Master encryption key: Select the master encryption key that you want to use.

      For more information about encryption with a Vault key that you manage, see Overview of Vault and Managing Keys.

      Note

      You can also update encryption settings from the details page.

      • To stop using an Oracle-managed key in favor of a Vault master encryption key that you manage, select Assign, select a vault and encryption key you have access to, and then select Assign.
      • To select a different Vault master encryption key that you manage, select Update, select a vault and encryption key you have access to, and then select Update.
      • To remove the assigned Vault master encryption key and let Oracle manage the encryption key, select Unassign and then select Unassign again to confirm the removal of the existing key assignment.
    4. Select Edit Settings to save changes.

  • Use the oci streaming admin stream-pool update command and required parameters to update a stream pool's master encryption key:

    oci streaming admin stream-pool update --stream-pool-id <stream_pool_OCID>
    Tip

    Provide input for --custom-encryption-key-details, --private-endpoint-details, and --kafka-settings as valid formatted JSON. See Passing Complex Input and Using a JSON File for Complex Input for information about JSON formatting.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the UpdateStreamPool operation to update a stream pool's master encryption key.