oci_adm_knowledge_baseoci_adm_vulnerability_auditoci_ai_anomaly_detection_ai_private_endpointoci_ai_anomaly_detection_data_assetoci_ai_anomaly_detection_modeloci_ai_anomaly_detection_projectoci_analytics_instanceoci_apigateway_apioci_application_migration_migrationoci_application_migration_sourceoci_artifacts_container_imageoci_artifacts_container_image_signatureoci_artifacts_container_repositoryoci_artifacts_generic_artifactoci_artifacts_repositoryoci_autoscaling_auto_scaling_configurationoci_autoscaling_auto_scaling_policyoci_bastion_bastionoci_bastion_sessionoci_bds_bds_instanceoci_budget_alert_ruleoci_budget_budgetoci_certificates_authority_bundleoci_certificates_management_associationoci_certificates_management_ca_bundleoci_certificates_management_certificateoci_certificates_management_certificate_authorityoci_certificates_management_certificate_authority_versionoci_certificates_management_certificate_versionoci_cloud_guard_configurationoci_cloud_guard_detector_recipeoci_cloud_guard_managed_listoci_cloud_guard_responder_recipeoci_cloud_guard_targetoci_container_instances_containeroci_container_instances_container_instanceoci_containerengine_clusteroci_core_block_volume_replicaoci_core_boot_volumeoci_core_boot_volume_attachmentoci_core_boot_volume_backupoci_core_boot_volume_metric_read_opsoci_core_boot_volume_metric_read_ops_dailyoci_core_boot_volume_metric_read_ops_hourlyoci_core_boot_volume_metric_write_opsoci_core_boot_volume_metric_write_ops_dailyoci_core_boot_volume_metric_write_ops_hourlyoci_core_boot_volume_replicaoci_core_cluster_networkoci_core_dhcp_optionsoci_core_drgoci_core_imageoci_core_image_customoci_core_instanceoci_core_instance_configurationoci_core_instance_metric_cpu_utilizationoci_core_instance_metric_cpu_utilization_dailyoci_core_instance_metric_cpu_utilization_hourlyoci_core_internet_gatewayoci_core_load_balanceroci_core_local_peering_gatewayoci_core_nat_gatewayoci_core_network_load_balanceroci_core_network_security_groupoci_core_public_ipoci_core_public_ip_pooloci_core_route_tableoci_core_security_listoci_core_service_gatewayoci_core_subnetoci_core_vcnoci_core_vnic_attachmentoci_core_volumeoci_core_volume_attachmentoci_core_volume_backupoci_core_volume_backup_policyoci_core_volume_default_backup_policyoci_core_volume_groupoci_database_autonomous_databaseoci_database_autonomous_db_metric_cpu_utilizationoci_database_autonomous_db_metric_cpu_utilization_dailyoci_database_autonomous_db_metric_cpu_utilization_hourlyoci_database_autonomous_db_metric_storage_utilizationoci_database_autonomous_db_metric_storage_utilization_dailyoci_database_autonomous_db_metric_storage_utilization_hourlyoci_database_cloud_vm_clusteroci_database_dboci_database_db_homeoci_database_db_systemoci_database_pluggable_databaseoci_database_software_imageoci_devops_projectoci_devops_repositoryoci_dns_rrsetoci_dns_tsig_keyoci_dns_zoneoci_events_ruleoci_file_storage_file_systemoci_file_storage_mount_targetoci_file_storage_snapshotoci_functions_applicationoci_functions_functionoci_identity_api_keyoci_identity_auth_tokenoci_identity_authentication_policyoci_identity_availability_domainoci_identity_compartmentoci_identity_customer_secret_keyoci_identity_db_credentialoci_identity_domainoci_identity_dynamic_groupoci_identity_groupoci_identity_network_sourceoci_identity_policyoci_identity_tag_defaultoci_identity_tag_namespaceoci_identity_tenancyoci_identity_useroci_kms_keyoci_kms_key_versionoci_kms_vaultoci_logging_logoci_logging_log_groupoci_logging_searchoci_mysql_backupoci_mysql_channeloci_mysql_configurationoci_mysql_configuration_customoci_mysql_db_systemoci_mysql_db_system_metric_connectionsoci_mysql_db_system_metric_connections_dailyoci_mysql_db_system_metric_connections_hourlyoci_mysql_db_system_metric_cpu_utilizationoci_mysql_db_system_metric_cpu_utilization_dailyoci_mysql_db_system_metric_cpu_utilization_hourlyoci_mysql_db_system_metric_memory_utilizationoci_mysql_db_system_metric_memory_utilization_dailyoci_mysql_heat_wave_clusteroci_network_firewall_firewalloci_network_firewall_policyoci_nosql_tableoci_nosql_table_metric_read_throttle_countoci_nosql_table_metric_read_throttle_count_dailyoci_nosql_table_metric_read_throttle_count_hourlyoci_nosql_table_metric_storage_utilizationoci_nosql_table_metric_storage_utilization_dailyoci_nosql_table_metric_storage_utilization_hourlyoci_nosql_table_metric_write_throttle_countoci_nosql_table_metric_write_throttle_count_dailyoci_nosql_table_metric_write_throttle_count_hourlyoci_objectstorage_bucketoci_objectstorage_objectoci_ons_notification_topicoci_ons_subscriptionoci_queue_queueoci_regionoci_resource_searchoci_resourcemanager_stackoci_streaming_streamoci_vault_secret
Table: oci_vault_secret - Query OCI Vault Secrets using SQL
Oracle Cloud Infrastructure (OCI) Vault is a managed service that centrally manages the encryption of your data. The Vault service is integrated with other OCI services making it easier to manage keys and secrets, and to use them to encrypt data. The Vault service provides centralized key management, key lifecycle management, and cryptographically secure secret management.
Table Usage Guide
The oci_vault_secret table provides insights into secrets within the OCI Vault service. As a security administrator, use this table to explore secret-specific details, including lifecycle details, current version, and associated metadata. Utilize it to uncover information about secrets, such as those nearing the end of their lifecycle, secrets with specific compartment ids, and the verification of secret rules.
Examples
Basic info
Explore the basic details of your OCI vault secrets to understand their current lifecycle state and associated vault IDs. This information is useful for managing and tracking the usage of your secrets.
select name, id, key_id, lifecycle_state, vault_idfrom oci_vault_secret;select name, id, key_id, lifecycle_state, vault_idfrom oci_vault_secret;List secrets in pending deletion state
Identify instances where certain secrets are in a pending deletion state. This can be useful in managing and tracking the lifecycle of your secrets, ensuring no critical data is accidentally lost.
select name, id, lifecycle_statefrom oci_vault_secretwhere lifecycle_state = 'PENDING_DELETION';select name, id, lifecycle_statefrom oci_vault_secretwhere lifecycle_state = 'PENDING_DELETION';List secret rules
Explore which secret rules are in place within your OCI vault. This is useful for understanding the current security measures and identifying any potential areas for improvement.
select id, name, jsonb_pretty(secret_rules) as rulesfrom oci_vault_secret;select id, name, secret_rules as rulesfrom oci_vault_secret;Query examples
Schema for oci_vault_secret
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
| current_version_number | bigint | The version number of the secret that's currently in use. | |
| defined_tags | jsonb | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. | |
| description | text | A brief description of the secret. | |
| freeform_tags | jsonb | Free-form tags for resource. This tags can be applied by any user with permissions on the resource. | |
| id | text | = | The OCID of the secret. |
| key_id | text | The OCID of the master encryption key that is used to encrypt the secret. | |
| lifecycle_details | text | Additional information about the secret's current lifecycle state. | |
| lifecycle_state | text | = | The current lifecycle state of the secret. |
| metadata | jsonb | Additional metadata that you can use to provide context about how to use the secret or during rotation or other administrative tasks. | |
| name | text | = | The name of the secret. |
| region | text | The OCI region in which the resource is located. | |
| secret_rules | jsonb | A list of rules that control how the secret is used and managed. | |
| tags | jsonb | A map of tags for the resource. | |
| tenant_id | text | The OCID of the Tenant in which the resource is located. | |
| tenant_name | text | The name of the Tenant in which the resource is located. | |
| time_created | text | A property indicating when the secret was created. | |
| time_of_current_version_expiry | text | An optional property indicating when the current secret version will expire. | |
| time_of_deletion | text | An optional property indicating when to delete the secret. | |
| title | text | Title of the resource. | |
| vault_id | text | = | The OCID of the Vault in which the secret exists. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ociYou can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_vault_secret