Replicating a Vault and Its Keys

Learn how to replicate a vault and its keys.

Virtual vaults created before the cross-region vault replication feature was introduced can't be replicated across regions. However, all private vaults support cross-region replication. To find out whether a virtual vault supports cross-region replication, check the isVaultReplicable parameter of the GetVault API. If you need to replicate a vault in another region and replication isn't supported for that vault, create a new vault and new keys. Existing keys can't be copied to a new vault.

Note

You can only replicate active virtual private vaults and active, enabled, or disabled keys.

    1. On the Vaults list page, find the vault that you want to work with. If you need help finding the list page, see Listing Vaults.
    2. Select the name of the vault that you want to replicate to view its details page.
    3. Select Actions, then select Replicate Vault.
    4. In the Replicate Vault dialog box, select a destination region from the list, and then select Create Replica.
  • Use the oci kms management vault create-vault-replica command and required parameters to create a replica for the vault in another region in the same realm.

    oci kms management vault create-vault-replica --replica-region target_region_id --vault-id vault_id

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the CreateVaultReplica API with the Management Endpoint to create a replica for the vault in another region in the same OCI realm.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
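The eligibility rules above can be checked before any replica is requested. The following is an added example, not Oracle's code: it runs the checks over a GetVault-style response and a key list, then builds the CLI command shown earlier. The field names lifecycleState and vaultType, the enum spellings, and the sample OCIDs are assumptions; only isVaultReplicable and the command itself come from this page.

```python
import json

# States the page lists as replicable for keys; enum spellings are assumed.
REPLICABLE_KEY_STATES = {"ACTIVE", "ENABLED", "DISABLED"}

def replication_blockers(vault, keys):
    """Return reasons the vault can't be replicated; an empty list means proceed."""
    blockers = []
    state = vault.get("lifecycleState")
    if state != "ACTIVE":
        blockers.append(f"vault is {state}, not ACTIVE")
    # Private vaults always qualify; any other vault needs isVaultReplicable.
    # A missing flag counts as false, so older vaults fail closed.
    private = vault.get("vaultType") == "VIRTUAL_PRIVATE"
    if not private and vault.get("isVaultReplicable") is not True:
        blockers.append("isVaultReplicable is not true: create a new vault and new keys")
    for key in keys:
        if key.get("lifecycleState") not in REPLICABLE_KEY_STATES:
            blockers.append(f"key {key.get('id')} is {key.get('lifecycleState')}")
    return blockers

def replica_command(vault, keys, target_region):
    """Build the page's CLI command as an argv list, or raise if a check fails."""
    blockers = replication_blockers(vault, keys)
    if blockers:
        raise ValueError("; ".join(blockers))
    return ["oci", "kms", "management", "vault", "create-vault-replica",
            "--replica-region", target_region, "--vault-id", vault["id"]]

# Constructed sample data (placeholder OCIDs, not real resources).
VAULT = json.loads('{"id": "ocid1.vault.oc1..EXAMPLE", "lifecycleState": "ACTIVE",'
                   ' "vaultType": "DEFAULT", "isVaultReplicable": true}')
LEGACY_VAULT = {**VAULT, "isVaultReplicable": False}
KEYS = [{"id": "ocid1.key.oc1..EXAMPLE1", "lifecycleState": "ENABLED"},
        {"id": "ocid1.key.oc1..EXAMPLE2", "lifecycleState": "DISABLED"}]

if __name__ == "__main__":
    print(" ".join(replica_command(VAULT, KEYS, "target_region_id")))
    print(replication_blockers(LEGACY_VAULT, KEYS))
```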