OCI Vault Secret Management API — Secret resource (9 operations).
This namespace wraps the VaultsClient SDK class (Maven artifact
oci-java-sdk-vault). The Vault Management API endpoint is
vaults.<region>.oci.oraclecloud.com (path version /20180608); it is
distinct from the Vault Retrieval API (secrets.vaults.<region>...,
wrapped by clj-oci.secrets).
Operations: list-secrets, get-secret, create-secret, update-secret, schedule-secret-deletion, cancel-secret-deletion, change-secret-compartment, rotate-secret, cancel-secret-rotation.
Polymorphic body fields (secretContent, secretGenerationContext,
secretRules, rotationConfig) are constructed via per-subclass helpers
in clj-oci.vault.types, then passed pre-built through the params map.
The service is regional. Operations route via
clients/vaults-client-for-region with the usual precedence:
(:region opts) > OCID region segment > singleton's default.
Javadocs: https://docs.oracle.com/en-us/iaas/tools/java/3.86.0/

(cancel-secret-deletion secret-id)
(cancel-secret-deletion secret-id opts)

Cancels the pending deletion of a Secret. Restores the secret's prior
lifecycle state.

Returns `{:data {}}` (204) or `{:error ...}`.

Options:
  :region — region-id or 3-letter code

(cancel-secret-rotation secret-id)
(cancel-secret-rotation secret-id opts)

Cancels an ongoing secret rotation. Important: cancelling disables ALL
future rotations on the secret until rotation-config is re-enabled.

Returns `{:data {}}` (204) or `{:error ...}`.

Options:
  :region — region-id or 3-letter code

(change-secret-compartment secret-id target-compartment-id)
(change-secret-compartment secret-id target-compartment-id opts)

Moves a Secret to a different compartment within the same tenancy.

Returns `{:data {}}` (204) or `{:error ...}`.

Required: `secret-id`, `target-compartment-id` (positional).

Options:
  :region — region-id or 3-letter code

(create-secret params)
(create-secret params opts)

Creates a new Secret.

Returns `{:data {:secret <map>}}` or `{:error ...}` (mirrors `get-secret`).

Required params (camelCase, matching CreateSecretDetails Builder):
  :compartmentId — OCID of the target compartment
  :vaultId — OCID of the vault that holds the secret
  :keyId — OCID of the master encryption key (must live in `vaultId`)
  :secretName — user-friendly unique name, ≤255 chars

Either supply `:secretContent` (user-provided) OR set
`:enableAutoGeneration true` with `:secretGenerationContext`
(server-generated). The two modes are mutually exclusive.

Optional params:
  :description, :metadata, :freeformTags, :definedTags
  :enableAutoGeneration — boolean
  :secretContent — pre-built Base64SecretContentDetails via `vault.types/base64-secret-content-details`
  :secretGenerationContext — pre-built concrete instance via `vault.types/{bytes,passphrase,ssh-key}-generation-context`
  :secretRules — list of pre-built SecretRule instances via `vault.types/{secret-expiry-rule,secret-reuse-rule}`
  :rotationConfig — pre-built RotationConfig via `vault.types/rotation-config`

Top-level opts: `:region`.

(get-secret secret-id)
(get-secret secret-id opts)

Gets a Secret by OCID.

Returns `{:data {:secret <map>}}` or `{:error ...}`. The `:secret` value is
the full Secret resource: `:id`, `:secretName`, `:vaultId`, `:keyId`,
`:compartmentId`, `:lifecycleState`, `:lifecycleDetails`, `:description`,
`:metadata`, `:secretRules`, `:rotationConfig`, `:secretGenerationContext`,
`:currentVersionNumber`, `:lastRotationTime`, `:nextRotationTime`,
`:rotationStatus`, `:timeCreated`, `:timeOfCurrentVersionExpiry`,
`:timeOfDeletion`, `:freeformTags`, `:definedTags`, `:systemTags`,
`:isAutoGenerationEnabled`.

Options:
  :region — region-id or 3-letter code; defaults to OCID region segment then singleton's default.

(list-secrets compartment-id)
(list-secrets compartment-id opts)

Lists Secrets in `compartment-id`, paginating automatically.

Returns `{:data {:items [secret-summary-maps...]}}` or `{:error ...}`. Each
map carries the SecretSummary fields via `from-java`: `:id`, `:secretName`,
`:vaultId`, `:keyId`, `:compartmentId`, `:lifecycleState`,
`:lifecycleDetails`, `:timeCreated`, `:timeOfCurrentVersionExpiry`,
`:timeOfDeletion`, `:freeformTags`, `:definedTags`, `:systemTags`,
`:rotationConfig`, `:rotationStatus`, `:lastRotationTime`,
`:nextRotationTime`, `:isAutoGenerationEnabled`, `:secretGenerationContext`.

Options (all optional):
  :region — region-id ("us-chicago-1") or 3-letter code ("phx")
  :vault-id — restrict to one vault
  :name — exact-match secret name (case-sensitive)
  :lifecycle-state — `:creating`, `:active`, `:updating`, `:deleting`, `:deleted`, `:scheduling-deletion`, `:pending-deletion`, `:cancelling-deletion`, `:failed`
  :sort-by — `:time-created` (default desc) or `:name` (default asc)
  :sort-order — `:asc` or `:desc`
  :limit — page size (default 100)

(rotate-secret secret-id)
(rotate-secret secret-id opts)

Triggers an out-of-band rotation of a Secret. The secret must have a valid
`:rotationConfig` (with a `:targetSystemDetails`). Async — returns
`{:data {:opcWorkRequestId <id>}}` on 202 Accepted; poll the work-request
API to track completion. Per the clj-oci convention (matching
`generative-ai/create-model`), polling is the caller's responsibility.

Side effect: cancelling an in-flight rotation later disables ALL future
rotations on the secret until rotation-config is re-enabled.

Options:
  :region — region-id or 3-letter code

(schedule-secret-deletion secret-id)
(schedule-secret-deletion secret-id opts)

Schedules deletion of a Secret. Sets lifecycle to `PENDING_DELETION`; the
actual delete happens after the retention period ends.

Returns `{:data {}}` (204 no-content) or `{:error ...}`.

Options:
  :timeOfDeletion — java.util.Date (RFC 3339 on the wire); server applies its default retention window if omitted
  :region — region-id or 3-letter code

(update-secret secret-id params)
(update-secret secret-id params opts)

Updates a Secret. The secret must be in `:active` lifecycle state.

The mutually-exclusive trio (`:currentVersionNumber`, `:secretContent`,
`:secretRules`) is server-enforced — passing more than one returns a
400 error.

Returns `{:data {:secret <map>}}` or `{:error ...}`.

Required: `secret-id` (positional).

Optional params (camelCase, matching UpdateSecretDetails Builder):
  :currentVersionNumber — promote a past version to current (rollback)
  :description, :metadata, :freeformTags, :definedTags
  :enableAutoGeneration
  :secretContent — pre-built (via vault.types) — creates a new version; mutually exclusive with :currentVersionNumber and :secretRules
  :secretGenerationContext — pre-built (via vault.types)
  :secretRules — list of pre-built rules
  :rotationConfig — pre-built RotationConfig

Top-level opts: `:region`.
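
A client-side pre-flight check for the `create-secret` and `update-secret` parameter rules documented above, as an added example that is not part of clj-oci. The namespace `example.vault-preflight`, the function names and the keys under `:error` are assumptions of this example; only the param keys come from the docs.

```clojure
(ns example.vault-preflight
  (:require [clojure.string :as str]))

;; Key names are taken from the create-secret / update-secret docs above.
(def create-required  [:compartmentId :vaultId :keyId :secretName])
(def update-exclusive [:currentVersionNumber :secretContent :secretRules])

(defn create-secret-problems
  "Problems in a create-secret params map; empty vector when it is valid.
  Messages name keys only, so secret material never reaches a log line."
  [params]
  (let [missing  (remove #(some? (get params %)) create-required)
        sname    (:secretName params)
        content? (some? (:secretContent params))
        auto?    (true? (:enableAutoGeneration params))
        ctx?     (some? (:secretGenerationContext params))]
    (cond-> []
      (seq missing)
      (conj (str "missing required params: " (str/join ", " missing)))
      (and (string? sname) (> (count sname) 255))
      (conj ":secretName is longer than 255 chars")
      (and content? auto?)
      (conj ":secretContent and :enableAutoGeneration true are mutually exclusive")
      (and auto? (not ctx?))
      (conj ":enableAutoGeneration true needs :secretGenerationContext")
      (not (or content? auto?))
      (conj "supply :secretContent or enable auto-generation"))))

(defn update-secret-problems
  "Flags more than one member of the server-enforced exclusive trio."
  [params]
  (let [given (filter #(some? (get params %)) update-exclusive)]
    (if (> (count given) 1)
      [(str "pass only one of: " (str/join ", " given))]
      [])))

(defn preflight
  "nil when there are no problems, else a map in the {:error ...} shape.
  The keys under :error are this example's own, not clj-oci's."
  [problems]
  (when (seq problems)
    {:error {:type :preflight :problems (vec problems)}}))

(comment
  ;; Constructed input; :placeholder stands in for an object built with
  ;; clj-oci.vault.types.
  (preflight (update-secret-problems {:currentVersionNumber 3
                                      :secretContent :placeholder})))
```

Running the check before the call means a request that the server would reject with a 400 is never sent with secret content in its body.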