From dbe707c05d48ba912bbf2f496ba190f08eeb9223 Mon Sep 17 00:00:00 2001
From: Fi Quick <47183728+fiquick@users.noreply.github.com>
Date: Tue, 22 Oct 2024 17:48:59 +0300
Subject: [PATCH] aura api cloning (#475)

Co-authored-by: Jessica Wright <49636617+AlexicaWright@users.noreply.github.com>
---
 .../pages/platform/security/encryption.adoc   | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/modules/ROOT/pages/platform/security/encryption.adoc b/modules/ROOT/pages/platform/security/encryption.adoc
index 6cb1500ef..85ce49731 100644
--- a/modules/ROOT/pages/platform/security/encryption.adoc
+++ b/modules/ROOT/pages/platform/security/encryption.adoc
@@ -55,10 +55,23 @@ For more information see the xref:auradb/importing/import-database.adoc#_neo4j_a
 === Clone an instance protected by CMK
 
 To clone an instance protected by a Customer Managed Key, the key must be valid and available to Aura.
-The cloned instance, by default, uses the available Customer Managed Key for that region and product.
+If the same CMK does not exist in the destination region and product, the cloned instance must be encrypted with an available CMK for that region and product.
 
-It is best practice to use the same CMK key as the instance it’s being cloned from. 
-You can override this to use another CMK key--but you can not use the Neo4j Managed Key.
+It is best practice to use the same Customer Managed Key as the instance it’s being cloned from. 
+You can override this to use another Customer Managed Key - but you can not use the Neo4j Managed Key.
+
+When cloning an instance that is encrypted with a Customer Managed Key, specific restrictions apply when using the API.
+Below are the details and possible errors that you may encounter depending on the cloning method and key configurations.
+
+.Summary of cloning restrictions
+|===
+| Cloning method   | Destination key            | Result
+
+| **Console & API**          | Same CMK as source instance                            | Cloning allowed.
+| **Console**         | Different CMK than source instance                       | Cloning allowed. Warning message shown.
+| **Console**         | Neo4j Managed Key                        | Cloning blocked. Error message shown.
+| **API**         | Different CMK than source instance, or Neo4j Managed Key                        | Cloning blocked. Error message shown.
+|===
 
 === Remove a CMK from Aura