Deactivating and activating a secret
A secret can be either active or deactivated. When a secret is active, it enables access to both its metadata and content (key-value pairs). When deactivated, it allows access only to its metadata, with the secret content being inaccessible.
Deactivating a secret
- In the management console
, select the folder the secret belongs to. - In the list of services, select Lockbox.
- Next to the secret you need, click
and select Deactivate. - Confirm its deactivation.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
See the CLI command description for information about deactivating a secret:
yc lockbox secret deactivate --help
-
Deactivate a secret by specifying its ID or name:
yc lockbox secret deactivate <secret_name>
Result:
id: e6qkkp3k29jf******** folder_id: b1go3el0d8fs******** created_at: "2023-11-08T13:14:34.676Z" name: first-secret status: INACTIVE current_version: id: e6qor8pe3ju7******** secret_id: e6qkkp3k29jf******** created_at: "2023-11-08T13:14:34.676Z" status: ACTIVE payload_entry_keys: - secret-key
To deactivate a secret, use the deactivate REST API method for the Secret resource or the SecretService/Deactivate gRPC API call.
Activating a secret
- In the management console
, select the folder the secret belongs to. - In the list of services, select Lockbox.
- Next to the secret you need, click
and select Activate secret.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
See the CLI command description for information about activating a secret:
yc lockbox secret activate --help
-
Activate a secret by specifying its ID or name:
yc lockbox secret activate <secret_name>
Result:
id: e6qkkp3k29jf******** folder_id: b1go3el0d8fs******** created_at: "2023-11-08T13:14:34.676Z" name: first-secret status: ACTIVE current_version: id: e6qor8pe3ju7******** secret_id: e6qkkp3k29jf******** created_at: "2023-11-08T13:14:34.676Z" status: ACTIVE payload_entry_keys: - secret-key
To activate a secret, use the activate REST API method for the Secret resource or the SecretService/Activate gRPC API call.