Key Management

Centrally manage and maintain control of the encryption keys that protect enterprise data and the secret credentials used to securely access key vault resources.

  • OCI Vault

    A customer-managed encryption service that enables you to control the keys that are hosted in Oracle Cloud Infrastructure (OCI) hardware security modules (HSMs) while Oracle administers the HSMs.

  • OCI Dedicated KMS

    A single-tenant HSM partition as a service that provides a fully isolated environment for storing and managing encryption keys. You can control and claim ownership of the HSM partitions and use standard interfaces, such as PKCS#11, to perform cryptographic operations.

  • OCI External KMS

    Enables you to use your own third-party key management system to protect data in OCI services. You control the keys and HSMs outside OCI, and you’re responsible for the administration and manageability of those HSMs.

OCI Key Management Service features

Adopt a cloud key management service to encrypt enterprise data.

Store keys in a certified security module

Manage the security of encryption keys that protect data and the secret credentials used to securely access resources by storing them in a FIPS 140-2 Level 3-certified hardware security module (HSM).

Optimize resources for key management

Focus on enterprise encryption needs rather than procuring, provisioning, configuring, updating, and maintaining HSMs and key management software.

Enhance access control and compliance auditing

Control permissions for individual keys and vaults with Oracle Cloud Infrastructure Identity and Access Management. Monitor the key lifecycle with Oracle Audit to meet enhanced compliance requirements.

Maintain custody of your keys at your own site

Built in partnership with Thales, OCI External Key Management Service allows you to encrypt your data using encryption keys that you create and manage outside OCI.

October 25, 2023

OCI Key Management: The key to protecting your data in Oracle Cloud

Frederick Bosco, Oracle Principal Product Manager

Oracle Cloud Infrastructure Key Management Service is a cloud-based service that provides centralized management and control of encryption keys for data stored in OCI. OCI encryption offerings are divided into two categories: Oracle-managed encryption and customer-managed encryption.


Key Management resources

Cloud readiness

Oracle Cloud Free Tier

Build, test and deploy applications on Oracle Cloud—for free. Sign up once, get access to two free offers.


Oracle Vault Overview

Get the latest documentation for Oracle Vault.

Customer community

Join a community of peers

Cloud Customer Connect is Oracle's premier online cloud community. With more than 200,000 members, it’s designed to promote peer-to-peer collaboration and sharing of best practices, product updates, and feedback.

Cloud learning

Develop Oracle Cloud Security skills

Oracle University provides training and certification to ensure the organization’s success, all delivered in a choice of formats.
