OCI Requirements for Cryptographic Security Platform Vault BYOK

Before you can connect to Cryptographic Security Platform Vault, you will need the following OCI entities:

User

The user you will use to connect to Cryptographic Security Platform Vault. This can be a new or existing user.

User Group

The user group for BYOK management users. This can be a new or existing group. The user that you selected must be a member of this group.
Compartment

If you plan to use compartments, create the appropriate compartments before you connect to Cryptographic Security Platform Vault. Vaults and keys must be created in this compartment or in one of its subcompartments.

Access to a compartment is granted to user groups through policies, not to individual users.

Note: If you are not using compartments, ensure that your vault, keys, user group, and users are all in the root compartment of the tenancy.

Policy

The policy grants the user group the permissions it needs to manage vaults and keys in the compartment. When you create it with Policy Builder in the OCI Console:

  • Set the Policy use cases drop-down to 'Key and Secret Management'.

  • Select the 'Let security admins manage vaults, keys and secrets' policy template.

  • Under Identity Domain, select your user group for Groups and your compartment for Location.
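The following is an added example, not part of this page or of the Cryptographic Security Platform Vault product. It checks that a set of OCI policy statements (for instance the `statements` array that `oci iam policy get` returns for the policy you created) actually grants the BYOK group `manage` on vaults and keys in the intended compartment, and flags anything wider such as tenancy-scoped or `all-resources` grants. The group name `BYOKAdmins`, the identity domain `Default`, the compartment `byok-compartment` and both sets of sample statements are constructed for illustration; the "template" set is in the form the 'Let security admins manage vaults, keys and secrets' template generates (manage vaults, keys and secret-family).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of the OCI IAM policy statement grammar that the Policy Builder
# template emits (assumption: statements of the form
# "Allow group <group> to <verb> <resource> in compartment <name>" or
# "... in tenancy", where <group> is a bare name or an identity-domain
# qualified 'domain'/'group' pair; "where" conditions are accepted but ignored).
_STATEMENT = re.compile(
    r"^\s*Allow\s+group\s+(?P<group>'[^']+'/'[^']+'|\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<resource>[\w-]+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+(?P<compartment>[\w.:-]+))"
    r"(?:\s+where\s+.*)?\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Grant:
    group: str                  # normalised to "domain/group" or "group"
    verb: str                   # inspect | read | use | manage (lower-cased)
    resource: str               # e.g. vaults, keys, secret-family (lower-cased)
    compartment: Optional[str]  # None means the grant is tenancy-wide


def parse_statement(statement: str) -> Grant:
    """Parse one policy statement; raise ValueError on anything outside the subset."""
    m = _STATEMENT.match(statement)
    if not m:
        raise ValueError(f"unsupported policy statement: {statement!r}")
    # 'Default'/'BYOKAdmins' -> Default/BYOKAdmins ; BYOKAdmins stays as is
    group = m.group("group").strip("'").replace("'/'", "/")
    return Grant(group, m.group("verb").lower(), m.group("resource").lower(),
                 m.group("compartment"))


def check_byok_policy(statements: List[str], group: str, compartment: str,
                      required: Tuple[str, ...] = ("vaults", "keys")
                      ) -> Tuple[List[str], List[Grant]]:
    """Return (missing_resources, overbroad_grants) for a BYOK policy.

    A resource counts as covered only by an explicit "manage <resource>" grant
    to the named group in the named compartment. OCI would also honour a grant
    on a parent compartment or on the tenancy, but that is not what selecting
    the compartment as Location produces, so such grants are reported as
    over-broad rather than accepted.
    """
    grants = [parse_statement(s) for s in statements]
    missing = [
        res for res in required
        if not any(
            g.verb == "manage"
            and g.resource == res
            and g.group.lower() == group.lower()
            and g.compartment is not None
            and g.compartment.lower() == compartment.lower()
            for g in grants
        )
    ]
    overbroad = [g for g in grants
                 if g.compartment is None or g.resource == "all-resources"]
    return missing, overbroad


# Constructed sample: the three statements the template generates for the
# hypothetical group BYOKAdmins in identity domain Default and the
# hypothetical compartment byok-compartment.
TEMPLATE_STATEMENTS = [
    "Allow group 'Default'/'BYOKAdmins' to manage vaults in compartment byok-compartment",
    "Allow group 'Default'/'BYOKAdmins' to manage keys in compartment byok-compartment",
    "Allow group 'Default'/'BYOKAdmins' to manage secret-family in compartment byok-compartment",
]

# Constructed sample of a hand-written policy that is wrong in both directions:
# keys are granted tenancy-wide (too broad) and vaults only get "use"
# (too narrow to create the BYOK vault).
WEAK_STATEMENTS = [
    "Allow group BYOKAdmins to manage keys in tenancy",
    "Allow group BYOKAdmins to use vaults in compartment byok-compartment",
]

if __name__ == "__main__":
    for name, stmts, grp in (("template", TEMPLATE_STATEMENTS, "Default/BYOKAdmins"),
                             ("weak", WEAK_STATEMENTS, "BYOKAdmins")):
        missing, overbroad = check_byok_policy(stmts, grp, "byok-compartment")
        print(f"{name}: missing={missing} "
              f"overbroad={[(g.verb, g.resource) for g in overbroad]}")
```

Run against the template statements the check returns no missing resources and no over-broad grants; against the hand-written set it reports both `vaults` and `keys` as missing and the tenancy-wide `manage keys` grant as over-broad. If you follow the note above and do not use compartments, the template emits `in tenancy` statements; in that case the over-broad list is informational rather than a defect.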

Vault

OCI keys reside inside vaults. The vault that you want to use must be created inside your compartment, and the user group that you selected must have permission to manage it.

Note: You can choose to use a virtual private vault. If you do, you must have an Object Storage bucket configured and accessible in the same compartment as the vault.