About Customer-Managed Keys on Autonomous AI Database in OCI Vault

Using customer-managed encryption keys on Autonomous AI Database in Oracle Cloud Infrastructure (OCI) Vault involves creating a master key in your OCI Vault and configuring your Autonomous AI Database instance to use encryption keys in the OCI Vault.

Because Autonomous AI Database uses keys that are available in OCI Vault, you can integrate Thales CipherTrust Manager, or another supported external key management service, with Oracle Cloud Infrastructure key management. Autonomous AI Database then uses the OCI Vault that maps to the Thales-hosted key. In the OCI Vault documentation, see Configure Thales with OCI Vault and Register an Identity Provider for OCI External Key Management Service. You then attach the external key reference to Autonomous AI Database under Manage Encryption Key, using the steps provided.

Follow these general steps:

  1. Create a master encryption key in your OCI Vault.

    See Prerequisites to Use Customer-Managed Encryption Keys on Autonomous AI Database in OCI Vault for more information.

  2. Select customer-managed encryption keys from the Oracle Cloud Infrastructure Console:

    • For an existing database, select Manage Encryption Key on the Oracle Cloud Infrastructure Console.

    • While provisioning, under Advanced Options, on the Encryption Key tab select either Encrypt using customer-managed key in this tenancy or Encrypt using a customer-managed key located in a remote tenancy.

    • While cloning, under Advanced Options, on the Encryption Key tab select either Encrypt using customer-managed key in this tenancy or Encrypt using a customer-managed key located in a remote tenancy.

    See Use Customer-Managed Encryption Keys with Vault Located in Local Tenancy, Use Customer-Managed Encryption Key Located in a Remote Tenancy, and Notes for Using Customer-Managed Keys with Autonomous AI Database for more information.