Update and Version Static Secrets

When updating a static secret, you can update the current version, create a new version, or roll back to the previous version of a secret (for example, if the most recent version was configured incorrectly).

Let’s update a static secret using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

Update a Static Secret from the CLI

The CLI command to update a static secret is:

akeyless update-secret-val --name <secret name> --value <new secret value>

The output is:

The value of secret <secret name>  was successfully updated

When you update a static secret, by default the latest version is updated. To create a new version, run the --new-version option.

🚧

Metadata changes

Changing the metadata of a secret never enables changing versions in and of itself.
To change a version, you must explicitly run the --new-version option.

The rest of this section shows examples of how to manage secret versions directly from your CLI with different examples based on the assumption you've already created a secret called /secret1 with value1.

Examples are as follows:

  • create a new version of secret1 with the new value value2
  • get a secret value always returns the current value:
  • get a specific version of the secret value
  • delete a specific version of the secret value
  • roll back to a previous secret version

Create a new version of secret1 with the new value value2

$ akeyless update-secret-val -n /secret1 -v value2 --new-version
The value of secret /secret1 was successfully updated
...
$ akeyless describe-item -n /secret1 --show-versions
{
   "item_name": "/secret1",
   "item_type": "STATIC_SECRET",
   ...
   "last_version": 2,
   ...
   "item_versions": [
      {
         "version": 1,
         "creation_date": "2020-01-30T13:00:00Z"
      },
      {
         "version": 2,
         "creation_date": "2020-01-30T14:00:00Z"
      }
   ],
   ...
}

Get a secret value always returns the current value:

$ akeyless get-secret-value -n /secret1
value2

Get a specific version of the secret value:

$ akeyless get-secret-value -n /secret1 --version 1
value1

Delete a specific version of the secret value:

$ akeyless delete-item -n /secret1 --version 1
Item /secret1 version 1 was successfully deleted
...
$ akeyless describe-item -n /secret1 --show-versions
{
   "item_name": "/secret1",
   "item_type": "STATIC_SECRET",
   ...
   "last_version": 2,
   ...
   "item_versions": [
      {
         "version": 2,
         "creation_date": "2020-01-30T14:00:00Z"
      }
   ],
   ...
}

Roll back to a previous secret version:

$ akeyless update-secret-val -n /secret1 -v value3 --new-version
The value of secret /secret1 was successfully updated

$ akeyless get-secret-value -n /secret1
value3

$ akeyless rollback-secret -n /secret1 --old-version 2
Secret /secret1 was successfully rolled back to version 2

$ akeyless describe-item -n /secret1 --show-versions
{
   "item_name": "/secret1",
   "item_type": "STATIC_SECRET",
   ...
   "last_version": 4,
   ...
   "item_versions": [
      {
         "version": 2,
         "creation_date": "2020-01-30T14:00:00Z"
      },
      {
         "version": 3,
         "creation_date": "2020-01-30T15:00:00Z"
      },
      {
         "version": 4,
         "creation_date": "2020-01-30T16:00:00Z"
      }
   ],
   ...
}

$ akeyless get-secret-value -n /secret1
value2

Updates and versions from the UI

From the UI, click the pencil icon next to the Value of the secret and toggle Create new version to update the value and create a new version of the secret.

Once a secret has more than one version, a list of all previous values is available within the secret at the bottom of the configurations. Click the arrow to open and close the list and view older versions.

From the version history, click the eye icon next to a specific version to open a pop-up and view its value:

To delete a specific secret version from that same list, click the Delete icon and then confirm the deletion:

To restore a specific secret version, also from the list of secret versions, click the Restore icon to open a pop-up and confirm. This rolls the selected version back, overriding the current version: