Top FAQs for Data Encryption

The top FAQs when using custom data encryption in Oracle Analytics Cloud are identified in this topic.

What is the difference between Oracle-managed and customer-managed encryption?

Oracle-managed is the default encryption for Oracle Analytics Cloud and many other services in Oracle Cloud Infrastructure. Oracle-managed means sensitive data in Oracle Analytics Cloud will be encrypted with an encryption key whose lifecycle management is controlled by Oracle. Customers who don’t want to manage or access their encryption keys and are looking for the easiest way to protect all their data stored in Oracle Analytics Cloud can choose Oracle-managed encryption.

Customer-managed encryption is offered by the Vault service in Oracle Cloud Infrastructure. With customer-managed encryption, you control and manage the keys that protect your data.

Why can't I see the vault or encryption key I want to use for my Oracle Analytics Cloud instance?

You must have access to the compartment where the vault and master encryption key is stored, and you must have the required permissions to read and manage keys. See Prerequisites for Custom Encryption.

What happens if the custom encryption key my Oracle Analytics Cloud instance uses is deleted or disabled?

Disabling or deleting a customer-managed key makes your content within Oracle Analytics Cloud unreadable for everyone (including Oracle) and anyone who tries to access Oracle Analytics Cloud sees a 403 error (forbidden).

Your Oracle Analytics Cloud instance is unavailable (403 error) when the state of the master encryption key is any of the following: DISABLING, DISABLED, DELETING, DELETED, SCHEDULING_DELETION, PENDING_DELETION.

If the key is disabled and you decide to enable the key, Oracle Analytics Cloud becomes accessible. See Enable a key.

If the key was deleted, you might be able to cancel the delete operation. See Cancel the deletion of a key.