Creating Key Reference Version

Learn how to create a key reference version for an encryption key stored in an external key management system.

Use this operation to retire the current key reference version and create a new key reference version.

    1. On the External Key Management Vaults page, find the vault that you want to work with. If you need help finding the list page or the vault, see Listing External Key Management Vaults.
    2. Select the name of the vault that has the key reference you want to work with.
    3. In the Keys tab, select a key reference.
    4. In the Key Reference Versions tab, select Rotate Key Reference.
    5. On the Rotate Key Reference page, enter the key rotation version ID.
    6. Select Rotate Key Reference.

      A new entry is added to the Version table and the rotation status is set as "Enabled."

  • Use the oci kms management key-version create command to create a key reference version.

    oci kms management key-version create --external-key-version-id

    Avoid entering confidential information.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the CreateKeyVersion API with the Management Endpoint to create a new key reference version for an external key in External Key Management.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.