Updating a Secret's Rule
Edit a secret rule for its rule type and configuration in the OCI Vault service.
- Open the navigation menu, click Identity & Security, and then click Vault.
- Under List scope, select the compartment that contains the secret that you want to update it rule.
- On the Vault page, click the name of the vault.
- Under Resources, click Secrets and then click the name of the secret to view its details page.
- Under Table Scope, click Rules and then click Edit Rules.
- In the Edit Rule panel, edit the following:
- Rule Type: You can specify Secret Reuse Rule or Secret Expiry Rule. At most, you can have one of each. If you already have one rule, but want to add another, click + Another Rule.
- Configuration (for reuse rule): You can either enforce the reuse rule so it applies even to deleted secrets versions, or you can allow reuse of vault secret contents from deleted secret versions.
- Configuration (expiry rule): You can set how frequently you want secret contents to expire and what you want to happen when the secret or secret version expires. Expiration of individual secret versions is represented by a period of 1 to 90 days that you can specify with the arrow buttons or entering a number. Expiration of the secret itself is represented by an absolute time and date between 1 to 365 days from the current time and date. Specify this date by using the date picker. You can configure expiry values for both the secret version and secret or just one of the two. (It's possible to clear the secret version expiry interval, but you must delete the entire expiry rule and start over if you want to set an absolute time to expire the secret.)
- If you want to delete a rule, do one of the following:
-
To delete the secret version rule, clear the days configured.
-
To delete the rule altogether, click the X next to the rule.
-
- Click Save Changes.
Open a command prompt and run
oci vault secret update
to edit a secret's configured rules:oci vault secret update --secret-id <target_secret_id> --secret-rules <secret_rules_in_JSON_format>
For example:
oci vault secret update --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --secret-rules '[{"isEnforcedOnDeletedSecretVersions":"true","ruleType":"SECRET_REUSE_RULE"}]'
You can specify a secret reuse rule or a secret expiry rule. At most, you can have one of each rule type.
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
This task cannot be performed using the API.