Updating a Secret

Learn how to update the properties of a secret.

Note that to update the contents of a secret using the Console, you must create a new version of the secret. See Creating a Secret Version for instructions.

    1. Open the navigation menu, select Identity & Security, and then select Vault.
    2. Under List scope, select a compartment that contains the secret that you want to update.
    3. On the Vaults page, select the name of the vault to open its details page.
    4. Under Resources, select Secrets and then select the name of the secret to open the details page.
    5. To update the secret description or to change the secret's version, secret generation, or rotation configuration, select Edit.
    6. To change the secret generation method, select one of the following methods to generate the secret:
      • Select Automatic secret generation to generate the secret automatically. When enabled, you don't need to provide the secret content. Furthermore, when creating a new secret version, it's autogenerated based on the secret generation type and generation template.
      • Select the Generation type.
        • If you selected Passphrase, select the corresponding Generation context, optionally provide the Passphrase length and Secret format.
        • If you selected SSH Key, select the corresponding Generation context and optionally provide the Secret format.
        • If you selected Bytes, select the corresponding Generation context and optionally provide the Secret format.
      • Select Manual secret generation to manually provide the secret content and provide the following:
        1. In the Secret Type Template, specify the format of the secret contents that you're providing by selecting a template. You can provide secret contents in plain-text when you use the Console to create a vault secret or vault secret version, but secret contents must be base64-encoded before they're sent to the service. The Console automatically encodes plain-text secret contents for you.
        2. In Secret Contents, enter the contents of the secret. (The maximum allowable size for a secret bundle is 25 KB.)
    7. In the Secret Rotation section, provide the following details:
      1. Target system type: Select Target system type as Autonomous Database or Function and provide the corresponding Target system id.
      2. Target system id: The system id is auto populated for the selected target system type.
      3. Enable auto rotation: Select the checkbox to turn on automatic rotation.
        Note

        If you don't specify the target system type and ID, the checkbox for automatic rotation isn't enabled.
      4. Rotation interval: Optionally, select the rotation interval to update the secret periodically.
    8. Make the necessary changes and then select Update.
  • Use the update-base64 command to update the properties of a secret in a vault.

    Open a command prompt and run oci vault secret update-base64 to update a secret:

    Note

    You must specify a symmetric key to encrypt the secret during import to the vault. You can't encrypt secrets with asymmetric keys. Furthermore, the key must exist in the vault that you specify.

    oci vault secret update --secret-id <secret_OCID> --description <updated description>

    For example:

    
    oci vault secret update --secret-id ocid1.vaultsecret.oc1.eu-paris-1.amaaaaaaryab66aaoipd6v6orjaric2k6ssgucsvg6gr6l237da4cyj3xniq --description "Updates the secret description"

    Avoid entering confidential information.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
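
    The Console encodes plain-text secret contents for you; contents that you pass to update-base64 yourself must already be base64-encoded and within the 25 KB limit. The following helper is an added example, not part of the Oracle documentation. It assumes the limit means 25 * 1024 bytes of raw content, and the function name and file path are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. MAX_BYTES assumes the 25 KB limit quoted
# on this page means 25 * 1024 bytes of raw (pre-encoding) content.
MAX_BYTES=$((25 * 1024))

# encode_secret FILE
# Prints FILE's bytes as one unwrapped base64 line on stdout.
# Returns 2 if unreadable, 3 if empty, 4 if too large, 5 if round trip fails.
encode_secret() {
    file=$1
    [ -r "$file" ] || { echo "encode_secret: cannot read $file" >&2; return 2; }

    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo "encode_secret: $file is empty" >&2; return 3; }
    if [ "$size" -gt "$MAX_BYTES" ]; then
        echo "encode_secret: $size bytes exceeds $MAX_BYTES" >&2
        return 4
    fi

    # A file written with echo or an editor usually ends in a newline, which
    # would become part of the stored secret. Warn, but do not alter the input.
    if [ -z "$(tail -c 1 "$file")" ]; then
        echo "encode_secret: warning: $file ends with a newline" >&2
    fi

    # GNU base64 wraps output at 76 columns; strip the line breaks so the
    # value is a single token.
    encoded=$(base64 < "$file" | tr -d '\n')

    # Decode and compare with the original before anything is sent.
    printf '%s' "$encoded" | base64 --decode | cmp -s - "$file" || {
        echo "encode_secret: round-trip check failed" >&2; return 5; }

    printf '%s\n' "$encoded"
}

# Usage (placeholder as on this page; --secret-content-content is the OCI CLI
# flag for base64 content and is not shown on this page, confirm with --help):
#   content=$(encode_secret ./secret.txt) &&
#   oci vault secret update-base64 --secret-id <secret_OCID> \
#       --secret-content-content "$content"
```

    A value passed as a command-line argument is visible to other processes on the same host while the command runs, so run this from a trusted workstation.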

  • Use the UpdateSecret API with the Management Endpoint to update the properties of a secret.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.