Listing Master Encryption Keys

Learn how to get a list of the master encryption keys in a specified vault.

• Console
• CLI
• API

• 1. Open the navigation menu , select Identity & Security, and then select Vault.
  2. Under List scope, select the compartment that contains the master encryptions keys that you created in the vault.
  3. View the list of keys.
  4. Optional. If you need information about a specific key, select the key's name. The OCI Console displays the following information:
     • OCID: The unique, Oracle-assigned ID of the key.
     • Created: The date and time when you initially created the key.
     • Compartment: The unique, Oracle-assigned ID of the compartment that contains the key.
     • Protection Mode: Where the key is stored and processed, whether on a hardware security module (HSM) or on a server (software).
     • Vault: The unique, Oracle-assigned ID of the vault that contains the key.
     • Key Version: The unique, Oracle-assigned ID of the key version.
     • Algorithm: The encryption algorithm used by the key.
     • Length: The number of bits in the key length (for AES keys and RSA keys).
     • Curve ID: The curve ID of the key (for ECDSA keys).

• Use the oci kms management key get command and required parameters to get the details of a master encryption key:

  oci kms management key get --key-id <key_id>

  For example:

  
                  oci kms management key get --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --endpoint https://exampleaaacu2-management.kms.us-ashburn-1.oraclecloud.com

  For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

• Use the ListKeys API with the Management Endpoint to get a list of the master encryption keys in a specified vault and compartment.

  Note
  
  

  The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.

  The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

  You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

  For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

  .

  For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.