Oracle Cloud Infrastructure Documentation

Updating Encryption Key

You can update the encryption key of a DB system. You can either use serviced-managed or self-managed encryption key. Updating the encryption key restarts the DB system.

Note

When you use a self-managed key, database operations will be affected if the key is disabled, scheduled for deletion, or deleted. You can enable a disabled key or cancel delete a key in pending deletion to restore full operations of the database. If the key has been deleted without any backup, you will not be able to access the database or backups.
Use one of the following method to update the encryption key of a DB system:

Using the Console

Use the Console to update the encryption key of the DB system.

This task requires the following
Do the following to update the security certificate of the DB system.
  1. On the DB systems list page, select the DB system that you want to work with. If you need help finding the list page or the DB system, see Listing DB Systems - Using the Console.

    The details page opens and displays information about the DB system.

  2. Select the Details tab.
  3. Select Edit under Encryption key.
  4. Update the information:
    • Encrypt using an Oracle-managed key: Let MySQL HeatWave Service manage the encryption key.
    • Encrypt using an customer-managed key: Bring your own encryption key to Oracle Cloud Infrastructure. You need to select one of the following key location:
      • This tenancy: You must first select the Vault and then the Key in the selected vault. You can change the compartment of the vault and key if required.
      • Different tenancy: You must enter the Encryption key OCID in the format, ocid[0-9]+.key.oc[0-9]+.[region].[0-9a-z]{13}.[0-9a-z]{60}. For example, ocid1+.key.oc1.iad.1234567890abc.1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmn.
  5. Select Save.
Note

Updating the encryption key restarts the DB system.