Managing Secrets

Note

Support for secrets is not available in Oracle Cloud Infrastructure Government Cloud realms.

This topic describes how to manage secrets. Management of secrets includes the ability to do the following:

  • Create secrets
  • View secret details
  • View a list of secrets
  • View a list of secret versions for a specific secret
  • Update a secret description
  • Create a new secret version (by updating secret contents)
  • Promote a secret version to current
  • Manage a secret's tags
  • View a secret's rules
  • Add or edit secret rules
  • Delete secrets or secret versions to permanently prevent the use of their secret contents
  • Move a secret to a new compartment

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  you should work in.

For administrators:

If you're new to policies, see Getting Started with Policies and Common Policies.

Tagging Resources

You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

Monitoring Resources

You can monitor the health, capacity, and performance of your Oracle Cloud Infrastructure resources by using metrics, alarms, and notifications. For more information, see Monitoring Overview and Notifications Overview.

For information about monitoring the traffic associated with your secrets, see Vault Metrics.

Moving Resources to a Different Compartment

You can move secrets from one compartment to another. After you move a secret to a new compartment, inherent policies apply immediately and affect access to the secret and secret versions. Moving a secret doesn't affect access to the vault that a secret is associated with. Similarly, you can move a vault from one compartment to another independently of moving any of its secrets. For more information, see Managing Compartments.

Using the Console

To create a new secret
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment where you want to create a secret.
  3. From the list of vaults in the compartment, do one of the following:

    • Click the name of the vault where you want to create a secret.

    • Create a new vault for the secret by following the instructions in To create a new vault, and then click the name of the vault.

  4. Click Secrets, and then click Create Secret.
  5. In the Create Secret dialog box, choose a compartment from the Create in Compartment list. (Secrets can exist outside the compartment the vault is in.)
  6. Click Name, and then enter a name to identify the secret. Avoid entering any confidential information in this field.
  7. Click Description, and then enter a brief description of the secret to help identify it. Avoid entering any confidential information in this field.
  8. Choose the master encryption key that you want to use to encrypt the secret contents while they're imported to the vault. (The key must belong to the same vault.)
  9. Specify the format of the secret contents you're providing by choosing a template type from the Secret Type Template list. (You can provide secret contents in plain-text when you use the Console to create a secret or secret version, but secret contents do need to be base64-encoded before they're sent to the service. The Console automatically encodes plain-text secret contents for you if you choose this format.)
  10. Click Secret Contents, and then enter the secret contents. (The maximum allowable size for a secret bundle is 25 KB.)
  11. Optionally, you can apply a rule to manage how secrets are used. You can either create a rule regarding the reuse of secret contents across versions of a secret, or you can create a rule specifying when the secret contents expire. For more information about rules, see Rules for Secrets.
    • Rule Type. You can specify a Secret Reuse Rule or a Secret Expiry Rule. At most, you can have one of each. If you already have one rule, but want to add another, click + Another Rule.
    • Reuse rule configuration: You can either enforce the reuse rule so it applies even to deleted secrets versions, or you can allow reuse of secret contents from deleted secret versions.

    • Expiry rule configuration: You can set how frequently you want secret contents to expire and what you want to happen when the secret or secret version expires. Expiration of individual secret versions is represented by a period of 1 to 90 days that you can specify with the arrow buttons or entering a number. Expiration of the secret itself is represented by an absolute time and date between 1 to 365 days from the current time and date. Specify this date by using the date picker. You can configure expiry values for both the secret version and secret or just one of the two. (It's possible to clear the secret version expiry interval, but you must delete the entire expiry rule and start over if you want to set an absolute time to expire the secret.)

  12. If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, then skip this option (you can apply tags later) or ask your administrator.
  13. When you are finished, click Create Secret.
To view secret details
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret you're interested in.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and then click the name of the secret for which you want to see configuration details. (If needed, first change the list scope to the compartment that contains the secret, and then click the secret name.)
  5. The console displays the following information:

    • OCID: The unique, Oracle-assigned ID of the secret.
    • Created: The date and time when you initially created the secret.
    • Compartment: The name of the compartment that contains the secret.
    • Vault: The name of the vault that contains the secret.
To view a list of secrets
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secrets you're interested in.
  3. From the list of vaults in the compartment, click the vault name.

  4. To see a list of secrets in this vault, click Secrets. You can see secrets in different compartments by changing the list scope.
To view a list of secret versions
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret you're interested in.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and then click the name of the secret for which you want to see a list of secret versions. (If needed, first change the list scope to the compartment that contains the secret, and then click the secret name.)
  5. Under Secret Version List, you can see all versions that exist for the selected secret. For more information about secret versions, see Secret Versions and Rotation States.
To update a secret description
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret with the description you want to update.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and then click the name of the secret you want to edit. (If needed, first change the list scope to the compartment that contains the secret.)
  5. Click Edit.
  6. In the Edit Secret dialog box, click Description, and then enter a new description. Avoid entering any confidential information in this field.
  7. When you are finished, click Save Changes.
To update a secret's contents to create a new secret version
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault with the secret you want to provide with new secret contents.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and then click the name of the secret with the secret contents you want to update. (If needed, first change the list scope to the compartment that contains the secret.)
  5. Click Create Secret Version. (You can only create a new secret version for a secret that's not pending deletion.)
  6. Specify the format of the secret contents you're providing by choosing a template type from the Secret Type Template list. (You can provide secret contents in plain-text when you use the Console to create a secret or secret version, but secret contents do need to be base64-encoded before they're sent to the service. The Console automatically encodes plain-text secret contents for you if you choose this format.)
  7. Click Secret Contents, and then enter the secret contents. (The maximum allowable size for a secret bundle is 25 KB.)
  8. If you don't want to immediately promote the new secret version to current, select the Set to Pending check box. Otherwise, this new secret version is automatically promoted as the current version.
  9. Click Create Secret Version.
To promote an existing secret version to current
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret that you want to update.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and then click the name of the secret that you want to update to use a different secret version. (If needed, first change the list scope to the compartment that contains the secret.)
  5. Make a different secret version the current secret version by doing one of the following:
    • Click Edit, click Current Version, and then click the version number you want to promote. When you're ready, click Save Changes.
    • Under Secret Version List, locate the version number that you want to promote, click the Actions icon (three dots) for that secret version, and then click Promote to Current. Confirm the promotion by clicking Promote to Current.
To manage a secret's tags
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret for which you want to manage tags.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, locate the secret you want to manage, and then click the secret name. (If needed, first change the list scope to the compartment that contains the secret, and then click the secret name.)
  5. On the Secret Details page, click the Tags tab to view or edit existing tags. Or, click Add Tags to add new ones.
To view a secret's rules
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret for which you want to view configured rules.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and then click the name of the secret that has rules you want to view. (If needed, first change the list scope to the compartment that contains the secret, and then click the secret name.)
  5. On the Secret Details page, click Rules to view existing rules.
To edit a secret's rules
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret for which you want to add or edit rules.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and then click the name of the secret. (If needed, first change the list scope to the compartment that contains the secret, and then click the secret name.)
  5. On the Secret Details page, click Rules, and then click Add/Edit Rules.
    • Rule Type. You can specify a Secret Reuse Rule or a Secret Expiry Rule. At most, you can have one of each. If you already have one rule, but want to add another, click + Another Rule.
    • Reuse rule configuration: You can either enforce the reuse rule so it applies even to deleted secrets versions, or you can allow reuse of secret contents from deleted secret versions.

    • Expiry rule configuration: You can set how frequently you want secret contents to expire and what you want to happen when the secret or secret version expires. Expiration of individual secret versions is represented by a period of 1 to 90 days that you can specify with the arrow buttons or entering a number. Expiration of the secret itself is represented by an absolute time and date between 1 to 365 days from the current time and date. Specify this date by using the date picker. You can configure expiry values for both the secret version and secret or just one of the two. (It's possible to clear the secret version expiry interval, but you must delete the entire expiry rule and start over if you want to set an absolute time to expire the secret.)

  6. If you want to delete a rule while you're configuring them, do one of the following:
    • To delete the secret version rule, clear the days configured.

    • To delete the rule altogether, click the X next to the rule.

  7. When you're ready, click Save Changes.
To delete a secret
Caution

When a secret is pending deletion, resources or services that rely on that secret immediately become inaccessible. The secret also can't be rotated or otherwise updated. When the secret is deleted, its are irreversibly destroyed. If you want to restore the use of a secret before it is permanently deleted, you can cancel its deletion.
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret you want to delete.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, locate the secret you want to delete, and then click the Actions icon (three dots) for that secret. (If needed, first change the list scope to the compartment that contains the secret.)
  5. In the Actions menu, click Delete Secret.
  6. Confirm that you want to delete the secret by clicking the box and then typing the secret name.
  7. Schedule when you want Vault to delete the secret. By default, the service schedules secrets for deletion 30 days from the current date and time. You can set a range between 1 day and 30 days.
  8. When you're ready, click Delete Secret. If needed, you can restore use of the secret and access to resources and services that use the contents of that secret by canceling the scheduled deletion and making the secret version current again.
To delete a secret version
Caution

When a secret version is pending deletion, resources or services that rely on that secret version immediately become inaccessible. The secret version also can't be rotated or otherwise updated. When the secret version is deleted, its contents are irreversibly destroyed. If you want to restore the use of a secret version before it is permanently deleted, you can cancel its deletion.
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret with the secret version you want to delete.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, and the click the secret name. (If needed, first change the list scope to the compartment that contains the secret.)
  5. Under Secret Versions List, locate the secret version, and then click the Actions icon (three dots) for that secret version.
  6. In the Actions menu, click Delete Secret Version.
  7. Confirm that you want to delete the secret version by clicking the box and then typing the secret version number.
  8. Schedule when you want Vault to delete the secret version. By default, the service schedules secret versions for deletion 30 days from the current date and time. You can set a range between 1 day and 30 days.
  9. When you're ready, click Delete Secret Version. If needed, you can restore use of the secret version and access to resources or services that use the contents of that secret version by canceling the scheduled deletion and making the secret version current again.
To cancel the deletion of a secret
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret you no longer want to delete.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, locate the secret for which you want to cancel deletion, and then click the Actions icon (three dots) for that secret. (If needed, first change the list scope to the compartment that contains the secret.)
  5. In the Actions menu, click Cancel Deletion.
  6. Confirm that you want to cancel the secret's deletion by clicking Cancel Deletion. Access to the secret and any resources or services that used the contents of the secret can be restored after the secret returns to active, current use.
To cancel the deletion of a secret version
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under List Scope, in the Compartment list, click the name of the compartment that contains the vault that has the secret with the secret version you no longer want to delete.
  3. From the list of vaults in the compartment, click the vault name.

  4. Click Secrets, locate the secret with the secret version for which you want to cancel deletion, and then click the secret name. (If needed, first change the list scope to the compartment that contains the secret.)
  5. Under Secret Versions List, locate the secret version, and then click the Actions icon (three dots) for that secret version.
  6. In the Actions menu, click Cancel Deletion.
  7. Confirm that you want to cancel the secret version's deletion by clicking Cancel Deletion. Access to the secret version and any resources or services that used its contents can be restored after the secret version returns to active, current use.
To move a secret to a different compartment
  1. Open the navigation menu. Under the Governance and Administration group, go to Security and click Vault.
  2. Under Table Scope, in the Compartment list, choose the compartment that contains the vault that has the secret that you want to move.
  3. Click Secrets. Find the secret in the list, click the the Actions icon (three dots), and then click Move Resource. (If needed, first change the list scope to the compartment that contains the secret.)
  4. Choose the destination compartment from the list.
  5. Click Move Resource.
  6. If there are alarms monitoring the secret, update the alarms to reference the new compartment. See To update an alarm after moving a resource for more information.

Using the Command Line Interface (CLI)

For information about using the CLI, see Command Line Interface (CLI). For a complete list of flags and options available for CLI commands, see the Command Line Reference.

Tip

Each region has a unique endpoint for create, update, and list operations for secrets. This endpoint is referred to as the control plane URL or secret management endpoint. Each region also has a unique endpoint for operations related to retrieving secret contents. This endpoint is known as the data plane URL or the secret retrieval endpoint. When using the CLI for secret operations, you must provide the appropriate endpoint for the type of operation. For regional endpoints, see the API Documentation.
To create a new secret

Open a command prompt and run oci vault secret create-base64 to create a new secret:

Caution

Avoid entering confidential information in the secret name or secret content name.
oci vault secret create-base64 --compartment-id <target_compartment_id> --secret-name <secret_name> --vault-id <target_vault_id> --description <secret_description_text> --key-id <encryption_key_id> --secret-content-content <base64_encoded_secret_content> --secret-content-name <unique_content_name> --secret-content-stage <secret_version_rotation_state>

For example:


oci vault secret create-base64 --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz --secret-name testSecret --vault-id ocid1.vault.oc1.iad.exampleyaaeuk.examplesuxtdqxczlvygwk4ouq2mhzr223g4o2ojs4o4q4ghmt6rlexample --description "this is a test secret" --key-id ocid1.key.oc1.iad.exampleyaaeuk.abuwcvbrswr2nbvrraqomsmhopc74rlqupwyv3byhikd4577rrky7example --secret-content-content bXlwYXNzd29yZA== --secret-content-name testpassword1 --secret-content-stage CURRENT
To view a secret's details

Open a command prompt and run oci vault secret get to view a specific secret's details:

oci vault secret get --secret-id <secret_OCID>

For example:


oci vault secret get --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample
To view a list of secrets

Open a command prompt and run oci vault secret list to list secrets in a vault:

oci vault secret list --compartment-id <target_compartment_id>

For example:


oci vault secret list --compartment-id ocid1.compartment.oc1..example1example25qrlpo4agcmothkbgqgmuz2zzum45ibplooqtabwk3zz
To view a list of secret versions

Open a command prompt and run oci vault secret-version list to view a list of secret versions for a specific secret:

oci vault secret-version list --secret-id <secret_OCID>

For example:


oci vault secret-version list --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample
To update a secret description

Open a command prompt and run oci vault secret update to edit a secret's description.

Caution

Avoid entering confidential information in the secret description. Also, you must update the current secret version number, secret contents, and secret rules independently of one another. Lastly, you can only update secrets in an Active lifecycle state.
oci vault secret update --secret-id <secret_OCID> --description <secret_description_text>

For example:


oci vault secret update --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --description "this is a new secret description"
To update a secret's contents to create a new secret version

Open a command prompt and run oci vault secret update-base64 to update a secret's contents to create a new secret version:

oci vault secret update-base64 --secret-id <target_secret_id> --secret-content-content <base64_encoded_secret_content>

For example:


oci vault secret update-base64 --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --secret-content-content bXluZXdwYXNzd29yZA==
To promote an existing secret version to current

Open a command prompt and run oci vault secret update to promote a secret version to current, active use:

oci vault secret update --secret-id <target_secret_id> --current-version-number <target_secret_version_number>

For example:


oci vault secret update --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --current-version-number 3
To manage a secret's tags

Open a command prompt and run oci vault secret update to manage a secret's tags:

oci vault secret update --secret-id <target_secret_id> --defined-tags <defined_tags_in_JSON_format>

For example:


oci vault secret update --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --defined-tags '{"ProdSecrets" : {"NodePool" : "10"}}'
To view a secret's rules

Open a command prompt and run oci vault secret get to view a secret's configured rules:

oci vault secret get --secret-id <target_secret_id>

For example:


oci vault secret get --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample
To edit a secret's rules

Open a command prompt and run oci vault secret update to edit a secret's configured rules:

oci vault secret update --secret-id <target_secret_id> --secret-rules <secret_rules_in_JSON_format>

For example:


oci vault secret update --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --secret-rules '[{"isEnforcedOnDeletedSecretVersions":"true","ruleType":"SECRET_REUSE_RULE"}]'

You can specify a secret reuse rule or a secret expiry rule. At most, you can have one of each rule type.

To delete a secret
Caution

When a secret is pending deletion, resources or services that rely on that secret immediately become inaccessible. The secret also can't be rotated or otherwise updated. When the secret is deleted, secret contents are irreversibly destroyed. If you want to restore the use of a secret before it is permanently deleted, you can cancel its deletion.

Open a command prompt and run oci vault secret schedule-secret-deletion to schedule a secret's deletion:

oci vault secret schedule-secret-deletion --secret-id <target_secret_id> --time-of-deletion <time_in_rfc3339_format>

For example:


oci vault secret schedule-secret-deletion --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample  --time-of-deletion 2020-04-30T10:00:00Z

By default, the service schedules secrets for deletion 30 days from the current date and time. You can set a range between 1 day and 30 days.

To delete a secret version
Caution

When a secret version is pending deletion, resources or services that rely on that secret version immediately become inaccessible. The secret version also can't be rotated or otherwise updated. When the secret version is deleted, its contents are irreversibly destroyed. If you want to restore the use of a secret version before it is permanently deleted, you can cancel its deletion.

Open a command prompt and run oci vault secret-version schedule-deletion to schedule a secret version's deletion:

oci vault secret-version schedule-deletion --secret-id <target_secret_id> --secret-version-number <target_secret_version_number> --time-of-deletion <time_in_rfc3339_format>

For example:


oci vault secret-version schedule-deletion --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample  --secret-version-number 1 --time-of-deletion 2020-04-09

By default, the service schedules secret versions for deletion 30 days from the current date and time. You can set a range between 1 day and 30 days. In the preceding example, because no time is specified, the time of deletion defaults to midnight Coordinated Universal Time (UTC).

To cancel the deletion of a secret

Open a command prompt and run oci vault secret cancel-secret-deletion to cancel the scheduled deletion of a secret:

oci vault secret cancel-secret-deletion --secret-id <target_secret_id>

For example:


oci vault secret cancel-secret-deletion --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample
To cancel the deletion of a secret version

Open a command prompt and run oci vault secret-version cancel-deletion to cancel the scheduled deletion of a secret version:

oci vault secret-version cancel-deletion --secret-id <target_secret_id> --secret-version-number <target_secret_version_number>

For example:


oci vault secret-version cancel-deletion --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --secret-version-number 1
To move a secret to a different compartment

Open a command prompt and run oci vault secret change-compartment to move a secret to a different compartment:

oci vault secret change-compartment --secret-id <target_secret_id> --compartment-id <new_compartment_id>

For example:


oci vault secret change-compartment --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --compartment-id ocid1.tenancy.oc1..exampleati4wjo6cvbxq4iusld5lsdneskcfy7lr4a6wfauxuwrwed5b3xea
To view the contents and properties of the current secret version

Open a command prompt and run oci secrets secret-bundle get to view the contents and properties of the current secret version:

oci secrets secret-bundle get --secret-id <target_secret_id> --stage <target_secret_version_rotation_state>

For example:


oci secrets secret-bundle get --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --stage CURRENT
To view the properties for all versions of a secret

Open a command prompt and run oci secrets secret-bundle-version list-versions to view information about each of a secret's secret versions:

oci secrets secret-bundle-version list-versions --secret-id <target_secret_id>

For example:


oci secrets secret-bundle-version list-versions --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Tip

Each region has a unique endpoint for create, update, and list operations for secrets. This endpoint is referred to as the control plane URL or secret management endpoint. Each region also has a unique endpoint for operations related to retrieving secret contents. This endpoint is known as the data plane URL or the secret retrieval endpoint. For regional endpoints, see the API Documentation.

Use the following operations to manage secrets:

Use the following operations to retrieve secrets: