Rotate or Change the Custom Encryption Key using the Console

Oracle recommends that you rotate your custom encryption key from time-to-time to maintain security compliance. After rotating your encryption key, you can use the Console to assign the new key version to your Oracle Analytics Cloud instance.

If for any reason you need to change to a different encryption key, you can do this from the Console too.

  1. In Oracle Cloud Infrastructure Console, rotate the existing encryption key or set up a new one.
  2. In Console, click Navigation menuin the top left corner.
  3. Under Solutions and Platform, select Analytics, then Analytics Cloud.
  4. Select the compartment that contains the Oracle Analytics Cloud instance you're looking for.
  5. Click the name of the instance you want to update data encryption details for.

    The Oracle Analytics Cloud instance must be deployed with Enterprise Edition. Custom encryption isn't available on Oracle Analytics Cloud instances deployed with Professional Edition.

  6. On the Instance Details page, navigate to Encryption Key and click Edit.
  7. Do one of the following:
    • Rotate the existing master encryption key: You don't need to select new values for Vault or Master Encryption Key. When you click the Save Changes button, the latest version of the key will be used to encrypt data.
    • Change the master encryption key: Use Vault and Master Encryption Key to select a different encryption key.

      If the vault or key you're looking for isn't in the current compartment, click Change Compartment.

    Description of oac_key_edit.png follows
    Description of the illustration oac_key_edit.png
  8. Click Save Changes.

    The Activity Log shows UPDATE_INSTANCE_ENCRYPTION_KEY in progress. The encryption key is ready to use when you see the message Successfully changed the Master Encryption Key.The key update might take some time to complete; the length of time depends on the system load and the amount of data that requires re-encryption.