Oracle Cloud Infrastructure Documentation

Deleting a Secret Version

Learn how to schedule the deletion of a version of a secret stored in an OCI vault.

Note

Replicated secrets are read-only. When you delete a secret version for the source secret, the version is deleted for the secret replica at the same time. See Replicating Secrets for more information.
    1. On the Secret's Versions list page, find the secret version that you want to work with. If you need help finding the list page, see Listing Secret Versions
    2. Find the version in the list, select the Actions menu (three dots), and then select Delete Secret Version.
    3. Confirm that you want to delete the secret version by entering the secret name and selection a deletion date and time, then select Delete Secret Version.
  • Caution

    When a secret version is scheduled for deletion, resources or services that rely on that secret immediately become inaccessible. The secret also can't be rotated or otherwise updated. When the secret is deleted, secret contents are irreversibly destroyed. To restore the use of a secret version before it's permanently deleted, you can cancel its deletion.

    use oci vault secret-version schedule-deletion command to delete a secret version.

    oci vault secret-version schedule-deletion --secret-id <target_secret_id> --time-of-deletion <time_in_rfc3339_format>

    For example:

    
oci vault secret-version schedule-deletion--secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample  --time-of-deletion 2020-04-30T10:00:00Z

    By default, the service schedules secrets for deletion 30 days from the current date and time. You can set a range between 1 day and 30 days.

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the ScheduleSecretVersionDeletion API with the Management Endpoint to schedule the deletion of a secret version.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.