Oracle Cloud Infrastructure Documentation

Moving Key to a Different Compartment

Learn how to moving a master encryption key to a different compartment in the OCI Key Management service.

    1. Open the navigation menu , select Identity & Security, and then select Vault.
    2. Under List scope, select a compartment that contains vault that you want to move.
    3. On the Vaults page, select the name of the vault to open its details page.
    4. On the Vault Details page, select Master Encryption Key under Resources and select the name of key to open the details page.
    5. On the Key Details page, select Move resource.
    6. In the Move resource dialog box, select the destination compartment and then select Move resource.

  • Open a command prompt and run oci kms management key change-compartment to move a master encryption key from one compartment to another within the same tenancy:

    oci kms management key change-compartment --key-id <target_key_id> --compartment-id <new_compartment_id>

    For example:

    
oci kms management key change-compartment --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Run the ChangeKeyCompartment operation to change the compartment using the Management Endpoint (KMSMANAGMENT).

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.