Managing Secrets
Create and manage vault secrets, secret tags, and secret rules.
Following are the functionalities performed in vault secret management:
- Create vault secrets
- View secret details
- View a list of secrets
- View a list of vault secret versions for a specific secret
- Update a secret description
- Create a new secret version (by updating secret contents)
- Promote a secret version to current
- Manage a secret tags
- View a secret rules
- Add or edit secret rules
- Delete secrets or secret versions to permanently prevent the use of their secret contents
- Move a secret to a new compartment
- View properties for all secret versions
- Cancelling deletion of a secret
- Cancelling deletion of a secret version
- Updating a secret content to create a new secret version
Before You Begin
Before you begin, we recommend that you first read Rules for Secrets and Secret Versions and Rotation States to better understand the implications of working with rules, secret versions, and secret version rotation states.
Required IAM Policy
To use Oracle Cloud Infrastructure, you must be granted security access in a policy by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment to work in.
For administrators:
- The policy Let security admins manage vaults, keys, and secrets lets the specified group do everything with vaults, keys, and secrets.
- The policy Let security admins manage all secrets in a specific vault in a compartment lets the specified group do everything with secrets in a specific vault.
- The policy Let users read, update, and rotate all secrets lets the specified group read, update, and rotate all secrets in any vault in the tenancy.
- For more information about permissions or if you need to write more restrictive policies for secrets, see Details for the Vault Service.
If you're new to policies, see Getting Started with Policies and Common Policies.
Tagging Resources
You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the wanted tags. For general information about applying tags, see Resource Tags.
Monitoring Resources
You can monitor the health, capacity, and performance of your Oracle Cloud Infrastructure resources by using metrics, alarms, and notifications. For more information, see Monitoring and Notifications.
For information about monitoring the traffic associated with your secrets, see Monitoring Vault Resources.
Moving Resources to a Different Compartment
You can move secrets from one compartment to another. After you move a secret to a new compartment, inherent policies apply immediately and affect access to the secret and secret versions. Moving a secret doesn't affect access to the vault that a secret is associated with. Similarly, you can move a vault from one compartment to another independently of moving any of its secrets. For more information, see Managing Compartments.