https://oracle-japan.github.io/ocidocs/services/security/vault/
https://qiita.com/nakaie/items/5eb9498268c6f1e49169
https://docs.oracle.com/ja-jp/iaas/Content/KeyManagement/Concepts/keyoverview.htm
https://qiita.com/hitsumabushi845/items/40ba150a9d41778324ac
Vault type and pricing
  Virtual Private Vault  ¥521.36/h
  Default Vault          free
Master encryption key protection mode and pricing
  HSM       ¥74.676/month (first 20 key versions free)
  SOFTWARE  free
-- 1. Create a vault
oci kms management vault list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--all \
--query 'data[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table
oci kms management vault create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--display-name vault01 \
--vault-type DEFAULT
oci kms management vault schedule-deletion \
--vault-id ocid1.vault.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--time-of-deletion 2024-01-15T03:00:00Z
The deletion time can be set between 7 and 30 days from now.
-- 2. Create a master encryption key
oci kms management key list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--endpoint "https://xxxxxxxxxxxxx-management.kms.us-ashburn-1.oraclecloud.com" \
--all \
--query 'data[].{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table
oci kms management key create --generate-full-command-json-input
oci kms management key create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--display-name key01 \
--endpoint "https://xxxxxxxxxxxxx-management.kms.us-ashburn-1.oraclecloud.com" \
--protection-mode SOFTWARE \
--key-shape '{
"algorithm": "AES",
"curveId": null,
"length": 32
}'
oci kms management key schedule-deletion \
--key-id ocid1.key.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--endpoint "https://xxxxxxxxxxxxx-management.kms.us-ashburn-1.oraclecloud.com" \
--time-of-deletion 2024-01-15T03:00:00Z
The deletion time can be set between 7 and 30 days from now.
-- 3. Create a secret
oci vault secret list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data[].{"secret-name":"secret-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table
echo "vault secret test" | base64
oci vault secret create-base64 \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--secret-name secret01 \
--vault-id ocid1.vault.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--description secret01 \
--key-id ocid1.key.oc1.iad.xxxxxxxxxxxxx.000000000000000000000000000000000000000000000000000000000000 \
--secret-content-content "dmF1bHQgc2VjcmV0IHRlc3QK" \
--secret-content-name secret0101 \
--secret-content-stage CURRENT
oci vault secret schedule-secret-deletion \
--secret-id ocid1.vaultsecret.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--time-of-deletion 2024-01-09T03:00:00Z
The deletion time can be set between 1 and 30 days from now.
-- 4. Retrieve the secret value
oci secrets secret-bundle get \
--secret-id ocid1.vaultsecret.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--query 'data."secret-bundle-content".content' \
--raw-output \
| base64 -d
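Added helper functions for the workflow above (example code written for these notes, not from the OCI CLI or its documentation). They prepare the --secret-content-content value without the trailing newline that `echo | base64` embeds in the stored secret, validate a scheduled-deletion delay against the 7-30 day (vault, key) and 1-30 day (secret) ranges noted above, and decode a retrieved bundle; the function names and the use of GNU date are assumptions.

```shell
#!/bin/sh
# Helpers for the OCI Vault CLI steps above (added example; assumes POSIX sh
# and base64(1); the oci CLI itself is never invoked here).

# Encode a secret value for --secret-content-content.
# `echo "$v" | base64` would store "$v\n"; printf '%s' avoids that.
encode_secret() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a secret-bundle content value back to the original secret.
decode_secret() {
    printf '%s' "$1" | base64 -d
}

# Check a deletion delay in days against the range the service accepts:
# vault/key 7..30 days, secret 1..30 days. Returns 0 if valid, 1 otherwise.
check_deletion_days() {
    kind=$1
    days=$2
    case $kind in
        vault|key) min=7 ;;
        secret)    min=1 ;;
        *) echo "unknown resource kind: $kind" >&2; return 1 ;;
    esac
    [ "$days" -ge "$min" ] && [ "$days" -le 30 ]
}

# Build a --time-of-deletion value (RFC 3339, UTC) N days from now,
# refusing delays outside the accepted range. Uses GNU date; on macOS
# replace the date call with: date -u -v+"${2}"d +%Y-%m-%dT%H:%M:%SZ
deletion_time() {
    check_deletion_days "$1" "$2" || return 1
    date -u -d "+$2 days" +%Y-%m-%dT%H:%M:%SZ
}
```

Example use: `oci vault secret schedule-secret-deletion --secret-id ... --time-of-deletion "$(deletion_time secret 3)"`.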