In today’s cloud-driven landscape, protecting sensitive data, such as API keys, passwords, and encryption keys, is vital. Oracle Cloud Infrastructure (OCI) Secret Management offers a robust and secure solution for storing, managing, and accessing these types of secrets. It provides centralized storage protected by hardware security modules (HSMs) and granular access control to help ensure the security and integrity of your secrets. This option is better than embedding unencrypted secrets directly within your applications because it helps reduce the attack surface and improve an application’s overall security posture.
We’re pleased to announce the general availability of automatic secret generation and automatic secret rotation in OCI Secret Management! You no longer need to shoulder the burden and responsibility of maintaining your own scripts for secret generation and rotation. Instead, the Oracle Cloud Console and APIs such as CreateSecret and RotateSecret offer efficient ways to manage the secret lifecycle from creation through rotation to deletion.
With automatic secret generation, we support three secret types: passwords, Secure Shell (SSH) keys, and random bytes. We also provide templatization during generation. Templatization enables you to store JavaScript Object Notation (JSON) blobs with placeholders for secrets that are automatically generated for you. With automatic rotation, you can set a rotation interval from 1 to 12 months. This feature integrates with the Autonomous Database and Functions services, allowing seamless rotation of secrets used in Autonomous Database or in function code, and your applications begin using the new secret immediately. In OCI Functions, you can rotate any credential and execute code as part of the rotation process. Automatic rotation is also available for manually created secrets.
Automation offers the following benefits:
Automatic secret management supports the following operations:
The OCI Secret Management service is part of the OCI Free Tier, so you can create and use secrets without incurring any charges. However, because your secrets are protected by keys created in the OCI Key Management offering, charges can apply based on the type of vault and keys you create. For example, virtual vaults with software keys are free, while using HSM keys involves a minimal capacity fee.
This release doesn’t affect secret limits. You can still have 5,000 secrets per tenancy and 30 active secret versions per secret, each with a maximum size of 64 KB.
OCI Secret Management provides a centralized and secure platform for managing your secrets. The powerful duo of automatic secret generation and automatic secret rotation can eliminate the tedious and error-prone tasks of manually creating and rotating sensitive credentials. Read more about how the feature works in the technical documentation.
The best way to learn about it is to give it a try! Visit our website to learn more about Oracle Cloud Infrastructure Security products, and sign up for a Free Tier account to take a closer look.
I am the Product Manager for OCI Key Management service and OCI Secret Management service.