Update and Version Static Secrets
When updating a static secret, you can update the current version, create a new version, or roll back to the previous version of a secret (for example, if the most recent version was configured incorrectly).
Let’s update a static secret using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.
Update a Static Secret from the CLI
The CLI command to update a static secret is:
akeyless update-secret-val --name <secret name> --value <new secret value>
The response should be like this:
$ The value of secret <secret name> was successfully updated
When you update a static secret, by default the latest version is updated. To keep the previous version of the secret stored in Akeyless, run the --keep-prev-version=true option.
Metadata changes
Changing the metadata of a secret does not change its version. To change the version and store the previous version, you must explicitly run
--keep-prev-version=true.
The rest of this section shows examples of how to manage secret versions directly from your CLI with different examples based on the assumption you've already created a secret called /secret1 with value1.
Examples are as follows:
- create a new version of secret1 with the new value value2 and keep previous version
- get a secret value always returns the current value
- get a specific version of the secret value
- delete a specific version of the secret value
- roll back to a previous secret version
Create a new version of secret1 with the new value value2 and keep previous version:
$ akeyless update-secret-val -n /secret1 -v value2 --keep-prev-version=true
The value of secret /secret1 was successfully updated
...
$ akeyless describe-item -n /secret1 --show-versions
{
"item_name": "/secret1",
"item_type": "STATIC_SECRET",
...
"last_version": 2,
...
"item_versions": [
{
"version": 1,
"creation_date": "2020-01-30T13:00:00Z"
},
{
"version": 2,
"creation_date": "2020-01-30T14:00:00Z"
}
],
...
}
Get a secret value always returns the current value:
$ akeyless get-secret-value -n /secret1
value2
Get a specific version of the secret value:
$ akeyless get-secret-value -n /secret1 --version 1
value1
Delete a specific version of the secret value:
$ akeyless delete-item -n /secret1 --version 1
Item /secret1 version 1 was successfully deleted
...
$ akeyless describe-item -n /secret1 --show-versions
{
"item_name": "/secret1",
"item_type": "STATIC_SECRET",
...
"last_version": 2,
...
"item_versions": [
{
"version": 2,
"creation_date": "2020-01-30T14:00:00Z"
}
],
...
}
Roll back to a previous secret version:
$ akeyless update-secret-val -n /secret1 -v value3 --keep-prev-version=true
The value of secret /secret1 was successfully updated
$ akeyless get-secret-value -n /secret1
value3
$ akeyless rollback-secret -n /secret1 --old-version 2
Secret /secret1 was successfully rolled back to version 2
$ akeyless describe-item -n /secret1 --show-versions
{
"item_name": "/secret1",
"item_type": "STATIC_SECRET",
...
"last_version": 4,
...
"item_versions": [
{
"version": 2,
"creation_date": "2020-01-30T14:00:00Z"
},
{
"version": 3,
"creation_date": "2020-01-30T15:00:00Z"
},
{
"version": 4,
"creation_date": "2020-01-30T16:00:00Z"
}
],
...
}
$ akeyless get-secret-value -n /secret1
value2
Updates and versions from the UI
From the UI, click the pencil icon next to the Value of the secret and toggle Create new version to update the value and create a new version of the secret.
Once a secret has more than one version, a list of all previous values is available within the secret at the bottom of the configurations. Click the arrow to open and close the list and view older versions.
From the version history, click the eye icon next to a specific version to open a pop-up and view its value:
To delete a specific secret version from that same list, click the Delete icon and then confirm the deletion:
To restore a specific secret version, also from the list of secret versions, click the Restore icon to open a pop-up and confirm. This rolls the selected version back, overriding the current version:
Updated 24 days ago