Restoring a key

Restore a vault key by using the OCI Console, CLI, or API.

    1. Open the navigation menu, select Identity & Security, and then select Vault.
    2. Under List Scope, in the Compartment list, select the name of the compartment of the vault that contains the key that you want to restore.
    3. From the list of vaults in the compartment, select the name of the vault. You must select the same vault where the key was backed up originally. (If needed, also change the list scope to the compartment where the key was at the time of backup.)
    4. Select Master Encryption Keys, and then select Restore Key.
    5. Select a source. You can import a backup from an Existing Object Storage Bucket or a pre-authenticated Object Storage URL that you can write to. You can also Upload a File from your computer or a mapped network location.
    6. Do one of the following, depending on what you chose in the previous step:
      • Select a bucket from the dropdown menu. If needed, you can change the compartment to find a bucket in a different compartment. Then, specify the Backup Name. Avoid entering confidential information.
      • Select Object Storage URL, and then provide a pre-authenticated URL to an object.
    7. When you are finished, select Restore Key.
  • Use the oci kms management key restore command and required parameters to restore a key:

    oci kms management key restore --bucket-name <bucket_name> --from-json <json_input>

    See Advanced JSON Options for information on using JSON input with this command.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the RestoreKeyFromFile API or the RestoreKeyFromObjectStore API with the Management Endpoint to restore a key from a backup.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.