OCI Vault

OracleSecurityFree tier available

Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore OCI in TreemapExplore security in HoneycombSee OCI regions on the World MapSee security as a networkScore jurisdiction exposure
DocumentationPricingOCI website

Jurisdictional exposure

Provider HQ
USAustin, USA

Subject to CLOUD Act, FISA-702, DPF

Region locations
APACEEAEUUKUSOther58 regions across 6 jurisdictions
Sovereign option
Yes — 12 sovereign-flagged regions available
Full scorecard for this service →US lens detail →Sovereign cloud coverage map →

Sub-services (3)

Master Encryption Keys

Symmetric AES and asymmetric RSA/ECC keys for encryption

Secrets

Versioned secret storage with rotation support

Virtual Private Vaults

Dedicated HSM partition for regulatory compliance

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

58 regions
27 countries
12sovereign
Sovereign regions (12)
  • EU Sovereign Spain (Madrid) · MadridOracle EU Sovereign Cloud
  • EU Sovereign Germany (Frankfurt) · FrankfurtOracle EU Sovereign Cloud
  • US Gov East (Ashburn) · AshburnOracle US Government Cloud
  • US Gov West (Phoenix) · PhoenixOracle US Government Cloud
  • US Federal (Ashburn) · AshburnOracle US Government Cloud
  • US Federal (Chicago) · ChicagoOracle US Government Cloud
  • US Federal (Phoenix) · PhoenixOracle US Government Cloud
  • US DoD East · AshburnOracle DoD Cloud (US)
  • US DoD Central · ChicagoOracle DoD Cloud (US)
  • US DoD West · PhoenixOracle DoD Cloud (US)
  • UK Government (London) · LondonOracle UK Government Cloud
  • UK Government (Newport) · NewportOracle UK Government Cloud
Commercial regions (46)

Europe (12)

  • France South (Marseille)
  • France Central (Paris)
  • Germany Central (Frankfurt)
  • Italy Northwest (Milan)
  • Italy North-West (Turin)
  • Netherlands Northwest (Amsterdam)
  • Serbia Central (Jovanovac)
  • Spain Central (Madrid)
  • Sweden Central (Stockholm)
  • Switzerland North (Zurich)
  • UK South (London)
  • UK West (Newport)

North America (8)

  • Canada Southeast (Montreal)
  • Canada Southeast (Toronto)
  • Mexico Northeast (Monterrey)
  • Mexico Central (Querétaro)
  • US East (Ashburn)
  • US Midwest (Chicago)
  • US West (Phoenix)
  • US West (Salt Lake City)

South America (5)

  • Brazil East (São Paulo)
  • Brazil Southeast (Vinhedo)
  • Chile Central (Santiago)
  • Chile West (Valparaíso)
  • Colombia Central (Bogotá)

Asia (11)

  • India South (Hyderabad)
  • India West (Mumbai)
  • Indonesia Central (Batam)
  • Japan Central (Osaka)
  • Japan East (Tokyo)
  • Malaysia Central (Kulai)
  • Malaysia West 2 (Kulai)
  • Singapore (Singapore)
  • Singapore West
  • South Korea North (Chuncheon)
  • South Korea Central (Seoul)

Oceania (2)

  • Australia Southeast (Melbourne)
  • Australia East (Sydney)

Middle East (6)

  • Israel Central (Jerusalem)
  • Saudi Arabia West (Jeddah)
  • Saudi Arabia Northwest (NEOM)
  • Saudi Arabia Central (Riyadh)
  • UAE Central (Abu Dhabi)
  • UAE East (Dubai)

Africa (2)

  • Morocco Central (Casablanca)
  • South Africa Central (Johannesburg)

Tags

secretskeyskmssecurityencryption

Equivalent services on other platforms

AWS KMSAWS

Create and manage cryptographic keys for encryption at rest and in transit with AWS-managed, customer-managed, and imported keys, automatic rotation, and FIPS 140-2 validated HSMs

AWS Secrets ManagerAWS

Fully managed service to store, rotate, and audit secrets such as database credentials, API keys, and OAuth tokens with native rotation Lambda integrations for RDS, Redshift, and DocumentDB

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

Cloud KMSGCP

Cloud-hosted key management for encryption at rest with symmetric and asymmetric keys, customer-supplied keys, HSM-backed keys, and automatic rotation

Secret ManagerGCP

Fully managed secret storage with automatic replication across regions, VPC Service Controls integration, CMEK encryption, version history, per-secret IAM, and rotation via Cloud Scheduler plus Cloud Run hooks — used by GKE, Cloud Run, and Compute Engine workloads

Huawei Data Encryption Workshop (DEW)Huawei

Unified cryptographic services including Key Management Service for envelope encryption, Cloud Secret Management Service for secret storage and rotation, Key Pair Service for SSH key management, and Dedicated HSM for FIPS 140-2 Level 3 workloads

OpenStack BarbicanOpenStack

Key management service for symmetric and asymmetric keys, certificates, and other secret material — pluggable backends include software KMS, HSM via PKCS#11, Vault, and KMIP-compliant appliances. Equivalent to AWS KMS / Azure Key Vault / Cloud KMS in the cross-provider mapping

Tencent Key Management ServiceTencent

Managed cryptographic key service with customer master keys (CMKs), envelope encryption for Tencent services, automatic and manual rotation, imported key material (BYOK), Managed HSM for single-tenant FIPS 140-2 Level 3 compliance, and audit logging via CloudAudit

Pricing

Pricing model:per-key-per-month