Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Deactivating and activating a secret

Written by
Updated at May 5, 2025

A secret can be either active or deactivated. When a secret is active, it enables access to both its metadata and content (key-value pairs). When deactivated, it allows access only to its metadata, with the secret content being inaccessible.

Deactivating a secret

  1. In the management console, select the folder the secret belongs to.
  2. In the list of services, select Lockbox.
  3. Next to the secret you need, click and select Deactivate.
  4. Confirm its deactivation.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the CLI command description for information about deactivating a secret:

    yc lockbox secret deactivate --help

  2. Deactivate a secret by specifying its ID or name:

    yc lockbox secret deactivate <secret_name>

    Result:

    id: e6qkkp3k29jf********
folder_id: b1go3el0d8fs********
created_at: "2023-11-08T13:14:34.676Z"
name: first-secret
status: INACTIVE
current_version:
  id: e6qor8pe3ju7********
  secret_id: e6qkkp3k29jf********
  created_at: "2023-11-08T13:14:34.676Z"
  status: ACTIVE
  payload_entry_keys:
    - secret-key

To deactivate a secret, use the deactivate REST API method for the Secret resource or the SecretService/Deactivate gRPC API call.

Activating a secret

  1. In the management console, select the folder the secret belongs to.
  2. In the list of services, select Lockbox.
  3. Next to the secret you need, click and select Activate secret.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. See the CLI command description for information about activating a secret:

    yc lockbox secret activate --help

  2. Activate a secret by specifying its ID or name:

    yc lockbox secret activate <secret_name>

    Result:

    id: e6qkkp3k29jf********
folder_id: b1go3el0d8fs********
created_at: "2023-11-08T13:14:34.676Z"
name: first-secret
status: ACTIVE
current_version:
  id: e6qor8pe3ju7********
  secret_id: e6qkkp3k29jf********
  created_at: "2023-11-08T13:14:34.676Z"
  status: ACTIVE
  payload_entry_keys:
    - secret-key

To activate a secret, use the activate REST API method for the Secret resource or the SecretService/Activate gRPC API call.

See also

Previous
Deleting a secret
Next
Secret version management