Creating a Mapped Secret

Create mapped secrets to use in decryption profiles to decrypt and inspect SSL/TLS traffic with SSL forward proxy or SSL Inbound inspection.

Before you can create a mapped secret:

See Creating Network Firewall Policy Components for more information.

You can create a maximum of 300 SSL inbound inspection mapped secrets. You can create a maximum of one SSL forward proxy mapped secret.
    1. Open the navigation menu and click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click a policy in the list.
    3. In Policy resources, click Mapped secrets.
    4. Click Create mapped secret.
    5. Enter the information for the mapped secret:
      • Name: Enter a friendly name for the mapped secret. Avoid entering confidential information.
      • Type: Select a Mapped secret type. Use SSL inbound inspection if you plan to decrypt or inspect SSL/TLS traffic from internal users to the internet. Use SSL forward proxy if you plan to decrypt or inspect inbound SSL/TLS traffic from a client to a network server.
      • Vault: Select the Oracle Cloud Infrastructure Vault that contains the secret you want to map to the inbound or outbound key.
      • Secret: Select the secret you want to map to the inbound or outbound key.
      • Version: Select the version of the secret you want to use.
    6. Click Create mapped secret.
  • Use the network-firewall mapped-secret create command and required parameters to create a mapped secret:

    oci network-firewall mapped-secret create --name my_mapped_secret --source OCI_VAULT \
      --network-firewall-policy-id <network_firewall_policy_OCID> --compartment-id <compartment_OCID> \
      --type SSL_INBOUND_INSPECTION --vault-secret-id <secret_OCID> --version-number <integer> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateMappedSecret operation to create a mapped secret.
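
A pre-flight check for a batch of mapped secrets, enforcing the per-policy limits stated above (300 SSL inbound inspection, one SSL forward proxy) and building the CLI call as an argument list. This is an added example, not Oracle's code. The plan dictionary shape, the function names and the sample OCID are assumptions; the flags are those of the CLI command on this page, written in lowercase.

```python
from collections import Counter

# Limits stated on this page for mapped secrets in one policy.
LIMITS = {"SSL_INBOUND_INSPECTION": 300, "SSL_FORWARD_PROXY": 1}


def check_plan(existing_types, planned):
    """Return a list of problems; an empty list means the plan can be created.

    existing_types: types of the mapped secrets already in the policy.
    planned: dicts with name, type, secret_ocid, version (hypothetical shape).
    """
    problems = []
    counts = Counter(existing_types)
    for item in planned:
        name, mtype = item.get("name", ""), item.get("type")
        if not name:
            problems.append("entry without a name")
        if mtype not in LIMITS:
            problems.append(f"{name}: unknown type {mtype!r}")
            continue
        # Assumption: the secret is referenced by its OCID, never by its content.
        if not str(item.get("secret_ocid", "")).startswith("ocid1."):
            problems.append(f"{name}: secret must be referenced by OCID")
        version = item.get("version")
        # Assumption: secret version numbers are integers starting at 1.
        if isinstance(version, bool) or not isinstance(version, int) or version < 1:
            problems.append(f"{name}: version must be a positive integer")
        counts[mtype] += 1
        if counts[mtype] > LIMITS[mtype]:
            problems.append(f"{name}: exceeds limit of {LIMITS[mtype]} for {mtype}")
    return problems


def build_command(policy_ocid, compartment_ocid, item):
    """Build the argv list for one mapped secret; no shell, so no quoting issues."""
    return ["oci", "network-firewall", "mapped-secret", "create",
            "--name", item["name"], "--source", "OCI_VAULT",
            "--network-firewall-policy-id", policy_ocid,
            "--compartment-id", compartment_ocid,
            "--type", item["type"],
            "--vault-secret-id", item["secret_ocid"],
            "--version-number", str(item["version"])]


if __name__ == "__main__":
    # Constructed sample input; the OCID is a placeholder, not a real resource.
    plan = [{"name": "inbound-1", "type": "SSL_INBOUND_INSPECTION",
             "secret_ocid": "ocid1.vaultsecret.oc1..exampleplaceholder", "version": 1}]
    print(check_plan(["SSL_FORWARD_PROXY"], plan) or "plan fits the limits")
```

Pass the list from `build_command` to `subprocess.run` only after `check_plan` returns an empty list.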