Oracle Cloud Infrastructure Documentation

Updating a Secret's Content

Learn how to update the content of a secret stored in an OCI Vault. This operation creates a new secret version.

    1. On the Secrets list page, find the secret that you want to work with. If you need help finding the list page, see Listing Secrets.
    2. Select the name of the secret to open the details page.
    3. Select the Versions tab, then select Create Secret Version. Note that you can't create a new secret version for a secret that has a scheduled deletion.
    4. Specify the format of the secret contents you're providing by choosing a template type from the Secret Type Template list. You can provide secret contents in plain-text when you use the Console to create a secret or secret version, but secret contents must be base64-encoded before they're sent to the service. The Console automatically encodes plain-text secret contents for you if you enter plain text.
    5. Enter the Secret Contents. The maximum allowable size for a secret bundle is 25 KB.
    6. If you don't want to immediately promote the new secret version to current, select the Set to Pending checkbox. Otherwise, the new secret version is automatically promoted to be used as the current version.
    7. Select Create Secret Version.

  • Use the oci vault secret update or oci vault secret update-base64 command to update the contents of a secret in a vault, depending on the content type of the secret you're updating:

    oci vault secret update-base64 --secret-id <target_secret_id> --secret-content-content <base64_encoded_secret_content>

    For example:

    
oci vault secret update-base64 --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --secret-content-content bXluZXdwYXNzd29yZA==

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the UpdateSecret API with the Management Endpoint to update the properties of a secret.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.