Test oci oracle cloud infrastructure vault secret

wordpress meta

title: 'Test OCI (Oracle Cloud Infrastructure) Vault Secret'
date: '2020-05-20T18:27:56-05:00'
status: publish
permalink: /test-oci-oracle-cloud-infrastructure-vault-secret
author: admin
excerpt: ''
type: post
id: 1647
category:
    - OCI
tag: []
post_format: []

assume oci cli working

test an old cli script to list buckets

```bash
$ ./list_buckets.sh
{
  "data": [
    {
      "compartment-id": "masked",
      "created-by": "masked",
      "defined-tags": null,
      "etag": "masked",
      "freeform-tags": null,
      "name": "bucket-20200217-1256",
      "namespace": "masked",
      "time-created": "2020-02-17T18:56:07.773000+00:00"
    }
  ]
}
```

test old python script

```bash
$ python3 show_user.py
{
  "capabilities": {
    "can_use_api_keys": true,
    "can_use_auth_tokens": true,
    "can_use_console_password": true,
    "can_use_customer_secret_keys": true,
    "can_use_o_auth2_client_credentials": true,
    "can_use_smtp_credentials": true
  },
  "compartment_id": "masked",
  "defined_tags": {},
  "description": "masked",
  "email": "masked",
  "external_identifier": null,
  "freeform_tags": {},
  "id": "masked",
  "identity_provider_id": null,
  "inactive_status": null,
  "is_mfa_activated": false,
  "lifecycle_state": "ACTIVE",
  "name": "masked",
  "time_created": "2020-02-11T18:24:37.809000+00:00"
}
```

create secret in console

  • Security > Vault > testvault
  • Create key rr
  • Create secret rr

test python code

```bash
$ python3 check-secret.py masked
Reading vaule of secret_id masked.
Decoded content of the secret is: blah.
```

test cli

```bash
$ oci vault secret list --compartment-id masked
{
 "data": [
   {
     "compartment-id": "*masked*",
     "defined-tags": {
       "Oracle-Tags": {
         "CreatedBy": "*masked*",
         "CreatedOn": "2020-05-19T19:13:52.028Z"
       }
     },
     "description": "test",
     "freeform-tags": {},
     "id": "*masked*",
     "key-id": "*masked*",
     "lifecycle-details": null,
     "lifecycle-state": "ACTIVE",
     "secret-name": "rr",
     "time-created": "2020-05-19T19:13:51.804000+00:00",
     "time-of-current-version-expiry": null,
     "time-of-deletion": null,
     "vault-id": "*masked*"
   }
 ]
}

$ oci vault secret get --secret-id masked
{
  "data": {
    "compartment-id": "masked",
    "current-version-number": 1,
    "defined-tags": {
      "Oracle-Tags": {
        "CreatedBy": "masked",
        "CreatedOn": "2020-05-19T19:13:52.028Z"
      }
    },
    "description": "test",
    "freeform-tags": {},
    "id": "masked",
    "key-id": "masked",
    "lifecycle-details": null,
    "lifecycle-state": "ACTIVE",
    "metadata": null,
    "secret-name": "rr",
    "secret-rules": [],
    "time-created": "2020-05-19T19:13:51.804000+00:00",
    "time-of-current-version-expiry": null,
    "time-of-deletion": null,
    "vault-id": "masked"
  },
  "etag": "masked"
}

$ oci secrets secret-bundle get --secret-id masked
{
  "data": {
    "metadata": null,
    "secret-bundle-content": {
      "content": "YmxhaA==",
      "content-type": "BASE64"
    },
    "secret-id": "masked",
    "stages": [
      "CURRENT",
      "LATEST"
    ],
    "time-created": "2020-05-19T19:13:51.804000+00:00",
    "time-of-deletion": null,
    "time-of-expiry": null,
    "version-name": null,
    "version-number": 1
  },
  "etag": "masked--gzip"
}

$ echo YmxhaA== | base64 --decode
blah
```

one liner

```bash
$ oci secrets secret-bundle get --secret-id ocid1.vaultsecret.oc1.phx.masked --query "data .{s:\"secret-bundle-content\"}" | jq -r '.s.content' | base64 --decode
blah
```
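
The one-liner decodes whatever the bundle contains and prints the secret to the terminal. As an added example (not part of the original post), the Python function below does the same decode on the CLI's JSON but first checks the content type and stage. The function name, the stage and deletion checks, and the sample input (constructed from the output shown above) are assumptions.

```python
import base64
import binascii
import json

# Constructed sample in the shape `oci secrets secret-bundle get` printed above.
SAMPLE_BUNDLE = """
{
  "data": {
    "secret-bundle-content": {"content": "YmxhaA==", "content-type": "BASE64"},
    "secret-id": "masked",
    "stages": ["CURRENT", "LATEST"],
    "time-of-deletion": null,
    "time-of-expiry": null,
    "version-number": 1
  },
  "etag": "masked--gzip"
}
"""


def decode_secret_bundle(cli_json, required_stage="CURRENT"):
    """Return the secret bytes from secret-bundle JSON, or raise ValueError."""
    try:
        data = json.loads(cli_json)["data"]
        content = data["secret-bundle-content"]
        encoded, ctype = content["content"], content["content-type"]
    except (json.JSONDecodeError, KeyError, TypeError) as exc:
        raise ValueError(f"not a secret bundle: {exc!r}") from exc
    if ctype != "BASE64":
        raise ValueError(f"unexpected content-type {ctype!r}")
    # Assumed policy: only accept a version in the required stage that is not being deleted.
    if required_stage not in (data.get("stages") or []):
        raise ValueError(f"version is not in stage {required_stage}")
    if data.get("time-of-deletion") is not None:
        raise ValueError("secret version is scheduled for deletion")
    try:
        # validate=True rejects stray characters instead of silently skipping them.
        return base64.b64decode(encoded, validate=True)
    except (binascii.Error, TypeError) as exc:
        raise ValueError("content is not valid base64") from exc


if __name__ == "__main__":
    secret = decode_secret_bundle(SAMPLE_BUNDLE)
    # Print only the length so the value stays out of scrollback and logs.
    print(f"decoded {len(secret)} bytes")
```
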