Create a Mapped Secret

Create mapped secrets to use in decryption profiles to decrypt and inspect SSL/TLS traffic with SSL forward proxy or SSL inbound inspection.

Before you can create a mapped secret, you must set up network traffic decryption and inspection.
You can create a maximum of 300 SSL inbound inspection mapped secrets. You can create a maximum of one SSL forward proxy mapped secret.
Important

Some names are reserved by Palo Alto Networks® and can't be used.
    1. Open the navigation menu, and select Identity & Security. Under Firewalls, select Network Firewall policies.
    2. Select the compartment that contains the policy that you want to create the mapped secret in.
    3. Select the policy.
    4. On the details page, select the TLS decryption tab.
    5. From within the Mapped secrets table, select Create mapped secret.
    6. In the Mapped secret name box, enter a name for the secret. Avoid entering confidential information.
    7. In the Mapped secret type list, select one of the following options:
      • To decrypt or inspect SSL/TLS traffic from internal users to the internet, select SSL Inbound Inspection.
      - or -
      • To decrypt or inspect inbound SSL/TLS traffic from a client to a network server, select SSL Forward Proxy.
    8. In the Vault list, select the vault that contains the secret that you want to map to the inbound or outbound key.
    9. In the Secret list, select the secret.
    10. In the Version number list, select the secret version.
    11. Select Create mapped secret.
  • Use the network-firewall mapped-secret create command and required parameters to create a mapped secret:

    oci network-firewall mapped-secret create --name my_mapped_secret --source OCI_VAULT \
      --network-firewall-policy-id <network_firewall_policy_OCID> --compartment-id <compartment_OCID> \
      --type SSL_INBOUND_INSPECTION --vault-secret-id <secret_OCID> --version-number <integer> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateMappedSecret operation to create a mapped secret.
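
The limits stated above (300 SSL inbound inspection mapped secrets, one SSL forward proxy mapped secret) can be checked before the create command is run, for example in a deployment pipeline. The following script is an added example, not Oracle's code; the "NAME TYPE" inventory format, the function names, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code). Limits are the ones stated on this page.
MAX_INBOUND=300   # SSL inbound inspection mapped secrets
MAX_FORWARD=1     # SSL forward proxy mapped secrets

# Constructed inventory of mapped secrets already in a policy, one
# "NAME TYPE" pair per line. The line format is an assumption of this example.
sample_inventory() {
  printf '%s\n' \
    'inbound_cert_1 SSL_INBOUND_INSPECTION' \
    'inbound_cert_2 SSL_INBOUND_INSPECTION' \
    'forward_proxy_ca SSL_FORWARD_PROXY'
}

# can_create_mapped_secret TYPE   (existing inventory is read from stdin)
# Returns 0 if one more secret of TYPE fits, 1 if the limit is reached,
# 2 if TYPE is not a known mapped secret type.
can_create_mapped_secret() {
  want=$1; inbound=0; forward=0
  case $want in
    SSL_INBOUND_INSPECTION|SSL_FORWARD_PROXY) ;;
    *) echo "unknown mapped secret type: $want" >&2; return 2 ;;
  esac
  # Count existing secrets per type; the name column is not inspected.
  while read -r _name type; do
    case $type in
      SSL_INBOUND_INSPECTION) inbound=$((inbound + 1)) ;;
      SSL_FORWARD_PROXY)      forward=$((forward + 1)) ;;
    esac
  done
  if [ "$want" = SSL_INBOUND_INSPECTION ] && [ "$inbound" -ge "$MAX_INBOUND" ]; then
    echo "limit reached: $inbound of $MAX_INBOUND inbound inspection secrets" >&2
    return 1
  fi
  if [ "$want" = SSL_FORWARD_PROXY ] && [ "$forward" -ge "$MAX_FORWARD" ]; then
    echo "limit reached: $forward of $MAX_FORWARD forward proxy secrets" >&2
    return 1
  fi
  return 0
}

# Demo on the constructed inventory: a third inbound secret still fits.
sample_inventory | can_create_mapped_secret SSL_INBOUND_INSPECTION \
  && echo "ok to create SSL_INBOUND_INSPECTION mapped secret"
```

A return value of 1 for SSL_FORWARD_PROXY means the policy already holds its single forward proxy mapped secret, so a second create request would exceed the stated limit.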