Creating a Request to Enable Bring Your Own Key (BYOK)

Oracle Break Glass for Oracle Fusion Cloud Enterprise Performance Management supports Oracle Managed Access and BYOK features. BYOK enables you to use your own Transparent Data Encryption (TDE) key to encrypt the relational database used by the business process and rotate it as needed.

The Break Glass option is available as a separate subscription. It can also be added to an existing subscription. For details, see Break Glass in Cloud EPM and Oracle Enterprise Data Management Cloud in the Getting Started Guide for Administrators.

After purchasing the Break Glass subscription, create a service request to enable BYOK in your test and production environments. You cannot configure BYOK before Oracle enables it.

Note:

  • Enabling BYOK requires an outage of around 6 hours across all the environments where BYOK is to be enabled.
  • When you create a new environment, also create the service request to enable BYOK on it.

See Submitting a Technical Service Request. The service request must contain the following information:

  • Tenancies and regions where you want BYOK to be enabled, and whether you want it to be enabled for both the test and production environments, only for the production environments, or only for the test environments.
  • Preferred outage window start date, start time, and time zone.

Oracle will enable BYOK on the requested environments and provide the following OCIDs. For each region and tenancy, you receive one set of OCIDs for the test environments and another set for the production environments:

  • EPM Cloud tenancy OCID
  • Database Dynamic Group OCID
  • Instance Principal Dynamic Group OCID

You must set up the policies in Oracle Cloud Console using these OCIDs. For detailed steps, see Break Glass in Cloud EPM and Oracle Enterprise Data Management Cloud in the Getting Started Guide for Administrators. You can set up BYOK only after this step is complete.