Data protection

Boot volume is not encrypted with a customer managed key (CMK)


When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instance until you terminate the instance. By default, the Oracle service manages the keys that encrypt this boot volume. Boot volumes can also be encrypted using a customer-managed key to create an additional level of security. It was detected that the Boot Volume {OciBootVolume.Name} is not encrypted with a customer-managed key (CMK). Management of encryption keys is critical to protecting and accessing protected data.