Configure Server-Side Encryption with Customer-Managed Keys
Configure the required Identity and Access Management (IAM) policy to allow Customer-managed OCI Object Storage to use customer-managed encryption keys.
Overview
If you use Customer-managed keys for encryption, configure the required IAM policy to allow Object Storage to access the encryption key.
This policy is required only when Customer-managed keys is selected in the Encryption field.
Placeholder Values
| Placeholder | Value |
|---|---|
<region_name> |
OCI region name (for example, us-phoenix-1) |
<compartment_OCID> |
OCI compartment containing the encryption key |
<key_OCID> |
Encryption key OCID |
Sample Policy
Allow service objectstorage-<region_name> to use keys in compartment id <compartment_OCID> where target.key.id = <key_OCID>
Example
Allow service objectstorage-us-phoenix-1 to use keys in compartment id ocid1.compartment.oc1..aaaaaaaatc7w5ll7vftzusdcs7fl7i6cgfu4sp42qvgjsvljnuvbvx4gvwhq where target.key.id = 'ocid1.key.oc1.phx.efuxveexaacj6.abyhqljsipurnp3onwuzrpy5442jjt346uhfag6rovgyjrqku3b5i7dpbmyq'