Best practices

Customer Managed Key (CMK) not rotated

  • N/A


Oracle Cloud Infrastructure Vault securely stores master encryption keys that protect your encrypted data. You can use the Vault service to rotate keys to generate new cryptographic material. It was detected that vault {OciVault.Name} has a Customer Managed Key (CMK) that was not rotated in the last 365 days. Rotating keys annually limits the amount of data encrypted by one key version, and thereby reduces the risk in case a key is ever compromised.