Editing a Key to a Block Volume

Assign or change the Vault service master encryption key that encrypts a block volume.

  • Important

    The Block Volume service does not support encrypting volumes with keys encrypted using the Rivest-Shamir-Adleman (RSA) algorithm. When using your own keys, you must use keys encrypted using the Advanced Encryption Standard (AES) algorithm. This applies to block volumes and boot volumes.

    1. Open the navigation menu and select Storage. Under Block Storage, select Block Volume Backups.
    2. Under List Scope, in the Compartment list, select the compartment that contains the block volume that you want to encrypt with a Vault service master encryption key.
    3. From the list of volumes, select the volume name.
    4. Then, do one of the following:

      • If the volume already has a key assigned to it, next to Encryption Key, select Edit to assign a different key.
      • If the volume doesn't already have a key assigned to it, next to Encryption Key, select Assign.
    5. Select the vault compartment, vault, key compartment, and key.

    6. When you're finished, select Assign or Update, as appropriate.

  • Open a command prompt and run oci bv volume-kms-key update to assign a new Vault service master encryption key to an existing block volume:

    oci bv volume-kms-key update --volume-id <target_blockvolume_id> --kms-key-id <new_key_id>

    For example:

    
    oci bv volume-kms-key update --volume-id ocid1.volume.oc1.sea.examplerwzq7bnohn5vf6b7k4zkp54miqfcvg6xsuvkllgzzw63mfuu6z5fa --kms-key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq

    For a complete list of parameters and values for CLI commands, see KMS CLI Command Reference.

  • Run the UpdateVolumeKmsKey operation to update a key for a block volume.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
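
    The script below is an added example, not part of the original documentation. It wraps the oci bv volume-kms-key update command shown above with a check that the new key uses AES, as the Important note requires, and skips the update when the volume already uses that key. The function names and the vault management endpoint argument are assumptions of this example.

```shell
# Added example, not from the original page. Assumes the OCI CLI is installed
# and configured; function names and argument order are this example's own.
# Usage: assign_volume_key <volume_ocid> <key_ocid> <vault_management_endpoint>

# Print the algorithm (for example AES or RSA) of a Vault key.
key_algorithm() {
  oci kms management key get --key-id "$1" --endpoint "$2" \
    --query 'data."key-shape".algorithm' --raw-output
}

# Print the OCID of the key currently assigned to a volume.
volume_key_id() {
  oci bv volume get --volume-id "$1" \
    --query 'data."kms-key-id"' --raw-output
}

# Returns 0 on success or no-op, 1 if the key is not AES, 2 if a CLI call failed.
assign_volume_key() {
  _vol=$1; _key=$2; _endpoint=$3

  # Block Volume rejects RSA keys, so check the algorithm before updating.
  _alg=$(key_algorithm "$_key" "$_endpoint") || return 2
  if [ "$_alg" != "AES" ]; then
    echo "refusing: key algorithm is '$_alg'; Block Volume requires AES" >&2
    return 1
  fi

  # Skip the update when the volume already uses the requested key.
  _cur=$(volume_key_id "$_vol") || return 2
  if [ "$_cur" = "$_key" ]; then
    echo "volume already uses this key; nothing to do" >&2
    return 0
  fi

  oci bv volume-kms-key update --volume-id "$_vol" --kms-key-id "$_key" \
    >/dev/null || return 2
}
```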