Best practice rules for OCI KMS
- Check for Cost Allocation Tags
Ensure that OCI KMS Vaults have cost allocation tags for accurate cost allocation and budget tracking.
- Check for Environment Tags
Ensure that OCI KMS Vaults have environment tags for proper resource management and access control.
- Check for KMS Key Protection Mode
Ensure that OCI KMS Vaults use SOFTWARE-protected keys for cost optimization when HSM security is not required.
- Rotate KMS Customer-Managed Keys (CMKs)
Ensure that your OCI KMS Customer-Managed Keys (CMKs) are regularly rotated.
- Unused KMS Customer-Managed Keys (CMKs)
Identify excess unused Customer-Managed Keys (CMKs) and delete them to help lower your monthly OCI bill.
- Virtual Private Vaults
Ensure that your OCI KMS Vaults reside on an isolated partition within a Hardware Security Module (HSM).