OCI Vault Secret Retrieval API — read decrypted secret bundles.
This namespace wraps the SecretsClient SDK class (Maven artifact
oci-java-sdk-secrets). The Retrieval API endpoint is
secrets.vaults.<region>.oci.oraclecloud.com (path version /20190301).
Distinct from clj-oci.vault.secrets, which wraps the Management API
(vaults.<region>..., path /20180608).
Operations: get-secret-bundle, get-secret-bundle-by-name, list-secret-bundle-versions.
The two get-* ops are the primary entry points for an application that
needs to read a secret at runtime (e.g. pull a DB password on startup).
Selectors :version-number / :secret-version-name / :stage are
mutually exclusive at the server; default returns the CURRENT version.
Service is regional. Routes via clients/secrets-client-for.
Javadocs: https://docs.oracle.com/en-us/iaas/tools/java/3.86.0/
OCI Vault Secret Retrieval API — read decrypted secret bundles. This namespace wraps the `SecretsClient` SDK class (Maven artifact `oci-java-sdk-secrets`). The Retrieval API endpoint is `secrets.vaults.<region>.oci.oraclecloud.com` (path version `/20190301`). Distinct from `clj-oci.vault.secrets`, which wraps the Management API (`vaults.<region>...`, path `/20180608`). Operations: get-secret-bundle, get-secret-bundle-by-name, list-secret-bundle-versions. The two get-* ops are the primary entry points for an application that needs to read a secret at runtime (e.g. pull a DB password on startup). Selectors `:version-number` / `:secret-version-name` / `:stage` are mutually exclusive at the server; default returns the `CURRENT` version. Service is regional. Routes via `clients/secrets-client-for`. Javadocs: https://docs.oracle.com/en-us/iaas/tools/java/3.86.0/
(get-secret-bundle secret-id)(get-secret-bundle secret-id opts)Gets a SecretBundle (the decrypted secret contents + version metadata).
Returns {:data {:secretBundle <map>}} or {:error ...}. The map has
:secretId, :versionNumber, :versionName, :stages (list),
:timeCreated, :timeOfDeletion, :timeOfExpiry, :metadata, and
crucially :secretBundleContent — a map with :contentType "BASE64"
and :content (the base64-encoded secret).
Version selectors are mutually exclusive (server-enforced). If none is
supplied, returns the version marked CURRENT.
Required: secret-id.
Options:
:version-number — long, ≥ 1 (e.g. 3)
:secret-version-name — string (a named version)
:stage — :current, :pending, :latest, :previous,
:deprecated
:region — region-id or 3-letter code
Gets a SecretBundle (the decrypted secret contents + version metadata).
Returns `{:data {:secretBundle <map>}}` or `{:error ...}`. The map has
`:secretId`, `:versionNumber`, `:versionName`, `:stages` (list),
`:timeCreated`, `:timeOfDeletion`, `:timeOfExpiry`, `:metadata`, and
crucially `:secretBundleContent` — a map with `:contentType` `"BASE64"`
and `:content` (the base64-encoded secret).
Version selectors are mutually exclusive (server-enforced). If none is
supplied, returns the version marked `CURRENT`.
Required: `secret-id`.
Options:
:version-number — long, ≥ 1 (e.g. 3)
:secret-version-name — string (a named version)
:stage — `:current`, `:pending`, `:latest`, `:previous`,
`:deprecated`
:region — region-id or 3-letter code(get-secret-bundle-by-name secret-name vault-id)(get-secret-bundle-by-name secret-name vault-id opts)Gets a SecretBundle by secret-name + vault-id. Same response shape as
get-secret-bundle; the ergonomic alternative for callers who know the
human-readable name but not the OCID.
Note: the REST API is a POST despite the read-only semantics (the query params are too long for safe GET).
Required: secret-name, vault-id.
Options:
:version-number / :secret-version-name / :stage — see get-secret-bundle
:region
Gets a SecretBundle by `secret-name` + `vault-id`. Same response shape as `get-secret-bundle`; the ergonomic alternative for callers who know the human-readable name but not the OCID. Note: the REST API is a POST despite the read-only semantics (the query params are too long for safe GET). Required: `secret-name`, `vault-id`. Options: :version-number / :secret-version-name / :stage — see `get-secret-bundle` :region
(list-secret-bundle-versions secret-id)(list-secret-bundle-versions secret-id opts)Lists SecretBundleVersionSummary objects for secret-id, paginating
automatically. Each summary EXCLUDES the secret contents (use
get-secret-bundle with a :version-number selector to retrieve content).
Returns {:data {:items [version-summary-maps...]}} or {:error ...}.
Each map has :secretId, :versionNumber, :versionName, :stages,
:timeCreated, :timeOfDeletion, :timeOfExpiry, :systemTags.
Required: secret-id.
Options:
:region — region-id or 3-letter code
:sort-by — :version-number (default DESC)
:sort-order — :asc or :desc
:limit — page size (default 100)
Lists SecretBundleVersionSummary objects for `secret-id`, paginating
automatically. Each summary EXCLUDES the secret contents (use
`get-secret-bundle` with a `:version-number` selector to retrieve content).
Returns `{:data {:items [version-summary-maps...]}}` or `{:error ...}`.
Each map has `:secretId`, `:versionNumber`, `:versionName`, `:stages`,
`:timeCreated`, `:timeOfDeletion`, `:timeOfExpiry`, `:systemTags`.
Required: `secret-id`.
Options:
:region — region-id or 3-letter code
:sort-by — `:version-number` (default DESC)
:sort-order — `:asc` or `:desc`
:limit — page size (default 100)cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |