Updating a Secret in Vault

Update a secret description, change its version, secret generation, and rotation configuration.

To update the contents of a secret in the Console, you must create a new version of the secret. See Creating a Secret Version.

    1. Open the navigation menu, click Identity & Security, and then click Vault.
    2. Under List scope, select a compartment that contains the secret that you want to update.
    3. On the Vaults page, click the name of the vault to open its details page.
    4. Under Resources, click Secrets and then click the name of the secret to open the details page.
    5. To update the secret description, change its version, secret generation, and rotation configuration, click Edit.
    6. To change the secret generation method, select one of the following methods to generate the secret:
      • Select Automatic secret generation to generate the secret automatically. When enabled, you don't need to provide the secret content. Furthermore, when you create a new secret version, it's autogenerated based on the secret generation type and generation template.
      • Select the Generation type.
        • If you selected Passphrase, select the corresponding Generation context and optionally provide the Passphrase length and Secret format.
        • If you selected SSH Key, select the corresponding Generation context and optionally provide the Secret format.
        • If you selected Bytes, select the corresponding Generation context and optionally provide the Secret format.
      • Select Manual secret generation to manually provide the secret content and provide the following:
        1. In the Secret Type Template, specify the format of the secret contents that you're providing by selecting a template. You can provide secret contents in plain text when you use the Console to create a vault secret or vault secret version, but secret contents must be base64-encoded before they're sent to the service. The Console automatically encodes plain-text secret contents for you.
        2. In Secret Contents, enter the contents of the secret. (The maximum allowable size for a secret bundle is 25 KB.)
    7. In the Secret Rotation section, provide the following details:
      1. Target system type: Select Autonomous Database or Function as the target system type and provide the corresponding Target system id.
      2. Target system id: The system id is auto-populated for the selected target system type.
      3. Enable auto rotation: Select the check box to turn on automatic rotation.
        Note

        If you don't specify the target system type and id, the check box for automatic rotation isn't enabled.
      4. Rotation interval: Optionally, select the rotation interval to update the secret periodically.
    8. Make the necessary changes and then click Update.
  • Use the update-base64 command to update the properties of a secret in a vault.

    Open a command prompt and run oci vault secret update-base64 to update a secret:

    Note

    You must specify a symmetric key to encrypt the secret during import to the vault. You can't encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.
    oci vault secret update --secret-id <secret_OCID> --description <updated description> 

    For example:

    
    oci vault secret update --secret-id ocid1.vaultsecret.oc1.eu-paris-1.amaaaaaaryab66aaoipd6v6orjaric2k6ssgucsvg6gr6l237da4cyj3xniq --description "Updates the secret description"

    Avoid entering confidential information.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the UpdateSecret operation to update the properties of a secret.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
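
The Console base64-encodes secret contents for you; with the CLI you supply the base64 yourself. The following is an added example, not part of the original documentation: it encodes a file, enforces the 25 KB limit, and hands the contents to update-base64 through an owner-only JSON input file so the secret never appears on a command line. The function names, the reading of 25 KB as 25 * 1024 bytes of raw content, and the JSON key names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: prepare and submit new secret contents without putting
# the secret on a command line (argv is visible in process listings).

# Assumption: "25 KB" means 25 * 1024 bytes, checked on the raw contents.
MAX_SECRET_BYTES=$((25 * 1024))

# encode_secret FILE -> base64 of FILE on one line; non-zero on bad input.
encode_secret() {
  local file=$1 size
  [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
  size=$(wc -c < "$file" | tr -d '[:space:]')
  [ "$size" -gt 0 ] || { echo "secret is empty" >&2; return 3; }
  if [ "$size" -gt "$MAX_SECRET_BYTES" ]; then
    echo "secret is $size bytes; limit is $MAX_SECRET_BYTES" >&2
    return 4
  fi
  base64 < "$file" | tr -d '\n'   # strip line wrapping added by base64
}

# write_update_json SECRET_OCID FILE -> path of an owner-only JSON input file.
# Assumption: key names are the camelCase form of the CLI options; confirm
# with `oci vault secret update-base64 --generate-full-command-json-input`.
write_update_json() {
  local ocid=$1 file=$2 b64 out
  b64=$(encode_secret "$file") || return
  out=$(umask 077; mktemp) || return
  printf '{"secretId": "%s", "secretContentContent": "%s"}\n' "$ocid" "$b64" > "$out"
  printf '%s\n' "$out"
}

# update_secret_contents SECRET_OCID FILE -> submits the new contents.
update_secret_contents() {
  local json rc
  json=$(write_update_json "$1" "$2") || return
  oci vault secret update-base64 --from-json "file://$json"
  rc=$?
  rm -f "$json"    # do not leave encoded secret material on disk
  return "$rc"
}
```

Call it as `update_secret_contents <secret_OCID> /path/to/secret-file`, keeping the source file itself readable only by its owner.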