Customers of Oracle Cloud Infrastructure moved their workloads to the cloud knowing that their data would be protected by encryption keys that are securely stored and controlled by Oracle. However, some customers, especially those operating in regulated industries, asked Oracle to help them verify their security governance, regulatory compliance, and homogeneous encryption of their data where it is stored.
Effective immediately, Oracle Cloud Infrastructure Key Management is available to customers in all Oracle Cloud Infrastructure regions. Key Management is a managed service that enables you to encrypt your data using keys that you control.
Key Management durably stores your keys in key vaults that use FIPS 140-2 Level 3 certified hardware security modules (HSMs) to protect the security of your keys. You can use the Key Management service through the Console, API, or CLI to create, use, rotate, enable, and disable Advanced Encryption Standard (AES) symmetric keys. As a managed service, Key Management lets you focus on your data encryption needs without requiring you to worry about procuring, provisioning, configuring, updating, and maintaining HSMs and key management software or appliances.
Integration with Oracle Cloud Infrastructure Block Volumes, Oracle Cloud Infrastructure Compute boot volumes, and Oracle Cloud Infrastructure Object Storage means that encrypting your data with keys that you control is as straightforward as selecting a key from the Key Management service when you create or update a block volume or bucket.
Example: Creating a Block Volume using keys from Key Management
Example: Editing or unassigning a previously assigned key from a Block Volume
Integration with Oracle Cloud Infrastructure Identity & Access Management (IAM) and Oracle Cloud Infrastructure Audit lets you control the permissions on individual keys and key vaults, and monitor their life cycles.
Example: Enable Block and Boot Volume encryption using Key Management
Learn more about how to get started with Oracle Cloud Infrastructure Key Management in our documentation and our FAQs.
This post was written by guest blogger Ulf Schoo, a consulting member of the technical staff on the Oracle Cloud Infrastructure team.