Faris Durrani

How to encrypt an OCI bucket using customer-managed keys

How to encrypt an Oracle Cloud bucket using customer-managed keys stored in OCI Vault

1. Create a key in the vault

Vault key

2. Add policy

We'll need a new IAM policy that allows the Object Storage service to use the Vault keys:

allow service objectstorage-us-ashburn-1 to use keys in tenancy

Info: you can replace objectstorage-us-ashburn-1 with blockstorage to enable encryption with customer-managed keys on block volumes.
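A check on how far this grant reaches, as an added example that is not from the original post: it flags service-to-key statements that cover the whole tenancy or that do not pin a key with OCI's `where target.key.id` condition. The function name, the compartment name `security-keys` and the key OCID are constructed placeholders.

```python
import re

# Service-to-key grants in the form the article uses, plus the optional
# "where" clause of OCI policy syntax.
GRANT = re.compile(
    r"^\s*allow\s+service\s+(?P<services>[\w\-, ]+?)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+keys\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<cond>.+?))?\s*$",
    re.IGNORECASE,
)
KEY_PIN = re.compile(r"target\.key\.id\s*=\s*'[^']+'", re.IGNORECASE)


def audit_key_grant(statement):
    """Return findings for one policy statement; an empty list means it is scoped."""
    m = GRANT.match(statement)
    if m is None:
        return ["not a service-to-key grant; not evaluated"]
    findings = []
    if m["scope"].lower() == "tenancy":
        findings.append("scope is the whole tenancy; narrow it to the key's compartment")
    if m["verb"].lower() == "manage":
        findings.append("'manage' is broader than the 'use' the article grants")
    if not KEY_PIN.search(m["cond"] or ""):
        findings.append("no target.key.id condition; every key in scope is usable")
    return findings


# The statement from the article, then constructed variants. The compartment
# name and key OCID are placeholders, not values from the article.
PAGE_STATEMENT = "allow service objectstorage-us-ashburn-1 to use keys in tenancy"
COMPARTMENT_ONLY = "allow service objectstorage-us-ashburn-1 to use keys in compartment security-keys"
SCOPED_STATEMENT = (
    "allow service objectstorage-us-ashburn-1 to use keys in compartment "
    "security-keys where target.key.id = 'ocid1.key.oc1..exampleuniqueID'"
)

if __name__ == "__main__":
    for stmt in (PAGE_STATEMENT, COMPARTMENT_ONLY, SCOPED_STATEMENT):
        print(stmt)
        for finding in audit_key_grant(stmt) or ["ok: compartment and key are pinned"]:
            print("   ", finding)
```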

3. Create a bucket with customer-managed key encryption

Create bucket

Bucket contents

You can also edit an existing bucket to use the customer-managed key instead of the default OCI key.

Reassign key

Safe harbor statement

The information provided on this channel/article/story is solely intended for informational purposes and cannot be used as a part of any contractual agreement. The content does not guarantee the delivery of any material, code, or functionality, and should not be the sole basis for making purchasing decisions. The postings on this site are my own and do not necessarily reflect the views or work of Oracle or Mythics, LLC.

This work is licensed under a Creative Commons Attribution 4.0 International License.
