Oracle Cloud Infrastructure Documentation

Restoring Vault from a Backup

Learn how to restore a vault from a backup.

The restore vault feature is only available for virtual private vaults. You can monitor the progress of the restore operation through the work request for the restore. See Using the Console to View Work Requests for more information.

    1. On the Vaults list page, find the vault that you want to work with. If you need help finding the list page, see Listing Vaults.
    2. Select the name of the value to view its details.
    3. Select Actions, then select Update Vault from Backup.
    4. Select a backup source. You can import a vault backup from the following sources: an Object Storage bucket, a preauthenticated Object Storage URL, or a file on your local machine or a mapped network location.
    5. Do one of the following, depending on what you chose in the previous step:
      • Select a bucket. If needed, you can change the compartment to find a bucket in a different compartment. Then, select the file containing the vault backup.
      • Select the Object Storage URL option, then provide a preauthenticated URL. Include the backup's file name.
      • Using Upload a File, drag a file or select one from your local machine or a mapped network location.
    6. When you're finished, select Update Vault.

  • Use the oci kms management vault restore command to restore a vault from OCI Object Storage. 

    oci kms management vault restore --compartment-id <compartment_id>

    Use the oci kms management vault restore-from-file command to restore a vault from an encrypted file.

    oci kms management vault restore-from-file --compartment-id <compartment_id> --restore-vault-from-file-location <file_location>

  • Use the RestoreVaultFromFile API or the RestoreVaultFromObjectStore API with the Management Endpoint to restore a vault from a backup.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.