Deleting a Secret
Learn how to delete a secret stored in an OCI vault.
- Note
When a vault secret is pending deletion, resources or services that rely on that secret immediately become inaccessible. The secret also can't be rotated or otherwise updated. When the secret is deleted, it is are irreversibly destroyed. If you want to restore the use of a secret before it is permanently deleted, you can cancel its deletion.
- On the Secrets list page, find the secret that you want to work with. If you need help finding the list page, see Listing Secrets.
- Select the Actions menu
and then select Delete Secret. - Confirm that you want to delete the vault secret by typing the secret name in the text box.
- Schedule when you want Vault to delete the secret. By default, the service schedules secrets for deletion 30 days from the current date and time. You can set a range between 1 day and 30 days.
- Select Delete Secret. If needed, you can restore use of the vault secret and access to resources and services that use the contents of that secret by selecting Cancel Deletion on the secret details page and making the secret version current again. See Canceling the Scheduled Deletion of a Secret for more information.
- Caution
When a secret is pending deletion, resources or services that rely on that secret immediately become inaccessible. The secret also can't be rotated or otherwise updated. When the secret is deleted, secret contents are irreversibly destroyed. To restore the use of a secret before it's permanently deleted, you can cancel its deletion.Use the oci vault secret schedule-secret-deletion command to schedule a secret's deletion:
oci vault secret schedule-secret-deletion --secret-id <target_secret_id> --time-of-deletion <time_in_rfc3339_format>For example:
oci vault secret schedule-secret-deletion --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --time-of-deletion 2020-04-30T10:00:00ZBy default, the service schedules secrets for deletion 30 days from the current date and time. You can set a range between 1 day and 30 days.
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Use the ScheduleSecretDeletion API with the Management Endpoint to schedule deletion of a secret.
Caution
When a secret is pending deletion, resources or services that rely on that secret immediately become inaccessible. The secret also can't be rotated or otherwise updated. When the secret is deleted, secret contents are irreversibly destroyed. To restore the use of a secret before it's permanently deleted, you can cancel its deletion.Note
The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.
The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.
You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.
For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.