Oracle Cloud Infrastructure Documentation

Moving a Secret to a Different Compartment

Learn how to move a secret stored in an OCI vault to a different compartment.

    1. Open the navigation menu , select Identity & Security, and then select Vault.
    2. Under List scope, select a compartment that contains the secret that you want to move.
    3. Click the name of the vault to open its details page.
    4. Under Resources, select Secrets.
    5. Find the secret in the list, select the Actions menu (Actions Menu) and then select Move resource.
    6. In the Move resource dialog box, select the destination compartment.
    7. Select Move Resource.
    8. If there are alarms monitoring the secret, update the alarms to reference the new compartment. See Updating an Alarm After Moving a Resource for more information.

  • Open a command prompt and run oci vault secret change-compartment to move a secret to a different compartment:

    oci vault secret change-compartment --secret-id <target_secret_id> --compartment-id <new_compartment_id>

    For example:

    
oci vault secret change-compartment --secret-id ocid1.vaultsecret.oc1.iad.exampleaz5qacpqahuecvbjqzql4qmpbrtd7pprafhivcfik6wuitexample --compartment-id ocid1.tenancy.oc1..exampleati4wjo6cvbxq4iusld5lsdneskcfy7lr4a6wfauxuwrwed5b3xea

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Use the ChangeSecretCompartment API with the Management Endpoint to move a secret from one compartment to another compartment.

    Note

    The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGMENT endpoint.

    The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.

    You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.

    For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.