{OCI Vault} シークレット

OCI

https://oracle-japan.github.io/ocidocs/services/security/vault/

https://qiita.com/nakaie/items/5eb9498268c6f1e49169
https://docs.oracle.com/ja-jp/iaas/Content/KeyManagement/Concepts/keyoverview.htm
https://qiita.com/hitsumabushi845/items/40ba150a9d41778324ac

 

Virtual Private Vault ¥521.36/h
Default Vault 無償


マスター暗号化キー保護モード
 HSM  ¥74.676/month (First 20 Key Versions free)
 SOFTWARE  無償 

 

-- 1. ボールト作成

oci kms management vault list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--all \
--query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table

 


oci kms management vault create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--display-name vault01 \
--vault-type DEFAULT 

 


oci kms management vault schedule-deletion \
--vault-id ocid1.vault.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--time-of-deletion 2024-01-15T03:00:00Z


7日から30日までの範囲を設定できます。

 

-- 2. マスター暗号化キー作成

oci kms management key list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--endpoint "https://xxxxxxxxxxxxx-management.kms.us-ashburn-1.oraclecloud.com" \
--all \
--query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table


oci kms management key create --generate-full-command-json-input


oci kms management key create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--display-name key01 \
--endpoint "https://xxxxxxxxxxxxx-management.kms.us-ashburn-1.oraclecloud.com" \
--protection-mode SOFTWARE \
--key-shape '{
    "algorithm": "AES",
    "curveId": null,
    "length": 32
  }' 

 

 

oci kms management key schedule-deletion \
--key-id ocid1.key.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--endpoint "https://xxxxxxxxxxxxx-management.kms.us-ashburn-1.oraclecloud.com" \
--time-of-deletion 2024-01-15T03:00:00Z


7日から30日までの範囲を設定できます。

 

-- 3. シークレット作成

 

oci vault secret list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data[].{"secret-name":"secret-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table


echo "vault secret test" | base64

 

oci vault secret create-base64 \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--secret-name secret01 \
--vault-id ocid1.vault.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--description secret01 \
--key-id ocid1.key.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--secret-content-content "dmF1bHQgc2VjcmV0IHRlc3QK" \
--secret-content-name secret0101 \
--secret-content-stage CURRENT 

 

oci vault secret schedule-secret-deletion \
--secret-id ocid1.vaultsecret.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--time-of-deletion 2024-01-09T03:00:00Z


1日から30日までの範囲を設定できます。

 


-- 4. シークレット値の取得

oci secrets secret-bundle get \
--secret-id ocid1.vaultsecret.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--query 'data."secret-bundle-content".content' \
--raw-output \
| base64 -d