steampipe plugin install oci

Table: oci_vault_secret - Query OCI Vault Secrets using SQL

Oracle Cloud Infrastructure (OCI) Vault is a managed service that centrally manages the encryption of your data. The Vault service is integrated with other OCI services making it easier to manage keys and secrets, and to use them to encrypt data. The Vault service provides centralized key management, key lifecycle management, and cryptographically secure secret management.

Table Usage Guide

The oci_vault_secret table provides insights into secrets within the OCI Vault service. As a security administrator, use this table to explore secret-specific details, including lifecycle details, current version, and associated metadata. Utilize it to uncover information about secrets, such as those nearing the end of their lifecycle, secrets with specific compartment ids, and the verification of secret rules.

Examples

Basic info

Explore the basic details of your OCI vault secrets to understand their current lifecycle state and associated vault IDs. This information is useful for managing and tracking the usage of your secrets.

select
  name,
  id,
  key_id,
  lifecycle_state,
  vault_id
from
  oci_vault_secret;

List secrets in pending deletion state

Identify instances where certain secrets are in a pending deletion state. This can be useful in managing and tracking the lifecycle of your secrets, ensuring no critical data is accidentally lost.

select
  name,
  id,
  lifecycle_state
from
  oci_vault_secret
where
  lifecycle_state = 'PENDING_DELETION';

List secret rules

Explore which secret rules are in place within your OCI vault. This is useful for understanding the current security measures and identifying any potential areas for improvement.

select
  id,
  name,
  jsonb_pretty(secret_rules) as rules
from
  oci_vault_secret;

select
  id,
  name,
  secret_rules as rules
from
  oci_vault_secret;
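
The usage guide mentions secrets nearing the end of their lifecycle and the verification of secret rules; the query below combines both checks. It is an added example, not taken from the plugin documentation, written in PostgreSQL syntax. The 30-day window, the 'ACTIVE' lifecycle state filter, and the assumption that time_of_current_version_expiry casts cleanly to a timestamp are choices made for this example.

```sql
-- Added example: audit active secrets for missing rules or weak expiry posture.
-- Assumptions: PostgreSQL engine, 30-day review window, and that the expiry
-- column holds a timestamp string that casts to timestamptz.
with secrets as (
  select
    name,
    id,
    vault_id,
    -- Cast via text so the expression works whether the column is text or a timestamp.
    nullif(time_of_current_version_expiry::text, '')::timestamptz as expires_at,
    -- jsonb_typeof returns null for SQL null, so missing rules count as 0.
    case
      when jsonb_typeof(secret_rules) = 'array' then jsonb_array_length(secret_rules)
      else 0
    end as rule_count
  from
    oci_vault_secret
  where
    lifecycle_state = 'ACTIVE'
)
select
  name,
  id,
  vault_id,
  rule_count,
  expires_at,
  case
    when expires_at is null then 'no expiry set'
    when expires_at < now() then 'expired'
    when expires_at < now() + interval '30 days' then 'expires within 30 days'
    else 'ok'
  end as expiry_status
from
  secrets
where
  rule_count = 0
  or expires_at is null
  or expires_at < now() + interval '30 days'
order by
  expires_at nulls first;
```

Rows with rule_count = 0 have no secret rules attached, and rows with no expiry or an expiry inside the window are candidates for rotation review.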

Schema for oci_vault_secret

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
| current_version_number | bigint | | The version number of the secret that's currently in use. |
| defined_tags | jsonb | | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. |
| description | text | | A brief description of the secret. |
| freeform_tags | jsonb | | Free-form tags for resource. These tags can be applied by any user with permissions on the resource. |
| id | text | = | The OCID of the secret. |
| key_id | text | | The OCID of the master encryption key that is used to encrypt the secret. |
| lifecycle_details | text | | Additional information about the secret's current lifecycle state. |
| lifecycle_state | text | = | The current lifecycle state of the secret. |
| metadata | jsonb | | Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. |
| name | text | = | The name of the secret. |
| region | text | | The OCI region in which the resource is located. |
| secret_rules | jsonb | | A list of rules that control how the secret is used and managed. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| tags | jsonb | | A map of tags for the resource. |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
| tenant_name | text | | The name of the Tenant in which the resource is located. |
| time_created | text | | A property indicating when the secret was created. |
| time_of_current_version_expiry | text | | An optional property indicating when the current secret version will expire. |
| time_of_deletion | text | | An optional property indicating when to delete the secret. |
| title | text | | Title of the resource. |
| vault_id | text | = | The OCID of the Vault in which the secret exists. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- oci

You can pass the configuration to the command with the --config argument:

steampipe_export_oci --config '<your_config>' oci_vault_secret