Transcript
00:00 welcome to this demo on the oci vault service let's get started i am logged on to the oci
00:12 console and to bring up the vault service i'll click on click on the navigation menu and click
00:18 on identity and security and vault is listed under the identity and security link under the
00:25 identity and security menu as it's one of the security services so i'll click on vault and
00:30 we'll create a vault and we'll create a master encryption key in that vault so right now you can
00:35 see here there is nothing which exists and you can read more on what vaults are and and and so forth
00:43 right so if you click on create vault here it gives me an option to create a vault i can provide a name
00:50 and it's asking for the compartment i'm okay with the sandbox compartment so let's give it a name i
00:57 would say this is a vault demo
00:59 and i can i have an option to make it a private a virtual private vault now when you do that virtual
01:08 private vault it creates the vault as a dedicated partition on a hardware security module hsm and the
01:14 pricing is based on what the usage etc the this option doesn't have a price uh it's a it's a free
01:22 offering so there is no uh pricing with price involved with this if you go with hsm then of
01:29 course you have to pay uh accordingly so i'll not click this option i'll and then i'll go ahead and
01:34 click on create vault it would take uh close to a minute or so and my vault would be created once
01:40 the vault is created i will go ahead and create a master encryption key and then what we will do
01:46 with the master encryption key is we will use that particular key to uh a key for for a bucket object
01:54 storage bucket we will be creating if you recall from one of the previous demos we created a security
02:00 zone and we uh we uh we we create we had uh and we associated it with the sandbox compartment and then
02:08 we said that any uh buckets which object storage buckets which will which will be created in that
02:15 sandbox compartment needs to have a key from the oci vault service it needs a valid key from a vault
02:21 that you have access to so this is what we are going to try out in this particular demo so let me
02:26 hit pause here as soon as the vault is up and running we'll go ahead and create a master encryption key
02:32 all right so that literally took less than a minute and my vault is up and running uh i can see my
02:39 cryptographic endpoints management endpoints those are more advanced topics so we'll skip them and right
02:44 here i can choose i can create a master encryption key so i'll go ahead and hit master encryption key
02:50 i'll create this in the sandbox compartment and i can pick a name for the master encryption key so i'll say
02:56 this is my master encryption uh uh key and and this uh is a demo so i'll choose that name and now here
03:05 you can see the protection mode whether it's hsm or whether it's software now we'll go for uh for
03:11 software because again with hsm uh you you have like a pricing associated and basically the keys
03:17 protection mode indicates how the key persists and where cryptographic operations are performed whether they
03:23 are performed in the software or they are performed on the hardware security module so we'll go with
03:27 software option here and i can choose my in my algorithms here aes rsa ecdsa and i can also change
03:34 uh the the key length i'm okay with these uh with these options and i'll go ahead and and create a key
03:40 now what will happen is i have a vault and i have a key so i can go ahead and create a storage bucket
03:47 using this particular uh this this particular uh key uh from from this uh this vault but before we do
03:55 that there is one uh other and you can see the key is actually enabled there is one important uh thing
04:01 which we need to do now because we are using the object storage service is using the vault service and
04:09 and the key from the vault service it needs access to the vault itself right the object storage service
04:15 also needs policies and and access when it's talking with other services so we'll click on policies
04:21 here and we'll quickly write that policy so you can see here that in my sandbox compartment i really don't
04:27 have any policies i can create this policy at the root level or i can create in the sandbox compartment
04:34 it's totally fine so i'll hit create policy and we'll say this is my object storage vault policy
04:45 and here i can uh i can bring up the manual editor and this is the policy which we are going to use
04:58 so what it says is allow the service in us ashburn one this is us east uh to use keys in compartment
05:06 sandbox so what this will do is it will allow this object storage service to use the keys which are coming
05:12 from the vault we just created if you don't write this policy then your operation is not going to
05:17 work because object storage uh will not have access to the keys so now we'll go ahead uh to finish uh
05:24 this operation we'll click on object storage here and we'll go ahead and and and create a bucket uh but
05:30 remember the bucket has to be created in the sandbox uh compartment and i had a bucket from uh from a
05:36 from a prior demo so i'll go ahead and create bucket here and pick the the default name is fine
05:42 and right here you can see the options to do encryption it has to be it could be uh encryption
05:48 using oracle managed keys or it could be encryption using customer managed keys so let's pick this
05:53 option and right here you can see that i have the vault here the the one we just created and this is
06:00 the master encryption key we just created and providing these values now i will be able to create this
06:06 particular uh this particular uh bucket uh with but with the keys which we just uh created as part of
06:13 this vault so i'll go ahead and hit create and you will see that now the bucket is uh is created so
06:20 that's a quick demo of the oci vault service and how you can use vault uh with other services in this
06:28 case object storage i hope you found this demo useful thanks for your time