How to Replicate Vaults and Keys
This article describes how to replicate a virtual private vault so that you can read the keys in the vault from a different region within the same realm.
You cannot replicate a vault unless it was created as a virtual private vault. Because virtual private vaults are not included as an Always Free resource, you must request the appropriate service limits in the destination region where you want to replicate the vault before you configure replication.
Cross-region replication helps protect your organization in disaster recovery scenarios and in the use of resources across different regions. You can replicate virtual private vaults from one region to another region to make them and the keys that they contain available to meet compliance requirements or to improve latency.
When you configure cross-region replication for a virtual private vault, the Vault service automatically synchronizes the creation, deletion, update, or move of any keys or key versions between the initiating vault and a vault in one destination region. The vault from which the service replicates data is known as the source vault. The vault in the destination region to which the service replicates data from the source vault is known as the vault replica.
The following IAM policy is required:
Allow service keymanagementservice to manage vaults in tenancy
From the list of vaults in the compartment, click the name of the vault that you are interested in.
[Screenshot: OCI_replicate_vault]
In the Replicate Vault dialog box, choose a destination region from the list, and then click Create Replica.
[Screenshot: OCI_replicate_vault_destination]
Click View Replica Details.
[Screenshot: OCI_replicate_vault_replica_details]
In the destination region, it should look like the following:
[Screenshot: OCI_replica_vault_replica_destination]