Available as of April 2020 in all commercial regions, Vault lets you store, manage, and audit arbitrary secret types in Oracle Cloud Infrastructure. This new secrets management capability complements the existing key management in Oracle Cloud Infrastructure Vault, which our customers and cloud tenants use to manage symmetric storage encryption keys at scale.
Before the introduction of secrets as a resource, Oracle Cloud Infrastructure Vault was known as Oracle Cloud Infrastructure Key Management. Oracle Cloud Infrastructure Key Management, part of Oracle Cloud Security Services, is now known as Oracle Cloud Infrastructure Vault, a new name better reflecting its expanded support for resource types beyond vaults and master encryption keys.
Support for secrets is not available in Oracle Cloud Infrastructure Government Cloud realms.
Oracle Cloud Infrastructure Vault lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. You can use the Vault service to create and manage the following resources:
Vaults are logical entities where the Vault service creates and durably stores keys and secrets. The type of vault you have determines features and functionality such as degrees of storage isolation, access to management and encryption, and scalability.
Keys are logical entities that represent one or more key versions that contain the cryptographic material used to encrypt and decrypt data, protecting the data where it is stored. When processed as part of an encryption algorithm, a key specifies how to transform plaintext into ciphertext during encryption and how to transform ciphertext into plaintext during decryption.
Secrets are credentials such as passwords, certificates, SSH keys, or authentication tokens that you use with Oracle Cloud Infrastructure services. Storing secrets in a vault provides greater security than you might achieve storing them elsewhere, such as in code or configuration files.
You can read more about how the service works in the technical documentation.
The announcement from the HQ can be found here.
For more information about secrets functionality, see the A-Team blog post.