Oracle Cloud Infrastructure Documentation

Creating a Secret Version

Learn how to create a version for a specified secret. When you create a version, you update its contents.

    1. On the Secret's Versions list page, find the secret version that you want to work with. If you need help finding the list page, see Listing Secret Versions
    2. Select the name of the secret to open its details page.
    3. Select Create Secret Version.
    4. In the Create Secret Version dialog box, provide the following details:
      • Secret Type Template: Select a format for the secret. The type can be plain-text or base64.
      • Secret Contents: Enter the new content for the secret content such as passwords, and database connection strings.
      • Set to Pending: Select this option to create a secret version without making it the active version.
    5. Select Create Secret Version.
      Note

      If you set the version to "Pending," you can promote it to "Current" at any time by selecting the Actions menu Actions Menu for it in the Versions table on the secret details page and selecting Promote to Current.

  • Use the oci vault secret update or oci vault secret update-base64 command to update a secret's contents. Updating the contents of a secret creates a new secret version.

    oci vault secret update --secret-id <secret_OCID> [OPTIONS]
    oci vault secret update-base64 --secret-id <secret_OCID> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the UpdateSecret API with the Management Endpoint to update the contents of a secret. Updating the contents of a secret creates a new secret version.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.