Updating secrets

Written by

Yandex Cloud

Updated at July 29, 2025

To update a secret:

Management console

CLI

Terraform

API

In the management console, select the folder the secret belongs to.
In the list of services, select Lockbox.
In the left-hand menu, select Secrets.
Click next to the secret and select Edit.
Update the name and description of the secret. If necessary, select Block secret deletion.
Change the secret type and specify either key and value or value generation parameters.

When you change the secret type, key, or generation parameters, a new version will be created.
Click Save.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

View a description of the CLI command for adding resources to a secret:
```
yc lockbox secret update --help
```

Run the command, specifying the secret name or ID:

yc lockbox secret update \
  --id <secret_ID> \
  --new-name <new_secret_name> \
  --description <new_secret_description>

Result:

id: e6q2ig0u9b97********
folder_id: b1gyggt2th59********
created_at: "2021-11-08T19:23:00.383Z"
name: <new_secret_name>
description: <new_secret_description>
status: ACTIVE
current_version:
  id: e6q8ma3b6pd1********
  secret_id: e6q2ug0o9b24********
  created_at: "2021-11-08T19:23:00.383Z"
  status: ACTIVE
  payload_entry_keys:
  - <key>

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

Open the Terraform configuration file and edit the fragment with the secret description:

Sample secret description in the Terraform configuration

...
resource "yandex_lockbox_secret" "my_secret" {
  name                = "My secret"
  description         = "test secret from tf"
  folder_id           = "b1gmitvfx321d3********"
  kms_key_id          = "abjp8q2fjfg0s********"
  deletion_protection = true
  labels              = {
    tf-label    = "tf-label-value",
    empty-label = ""
  }
}
...

Apply the changes:
1. In the terminal, go to the directory where you edited the configuration file.
2. Make sure the configuration file is correct using this command:
```
terraform validate
```
  If the configuration is correct, you will get this message:
```
Success! The configuration is valid.
```
3. Run this command:
```
terraform plan
```
  You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
4. Apply the changes:
```
terraform apply
```
5. Type yes and press Enter to confirm the changes.

You can verify that the secret has been changed and its configuration is correct using the management console or the following CLI command:

yc lockbox secret get <secret_name>

To update a secret, use the update REST API method for the Secret resource or the SecretService/Update gRPC API call.

Updating secrets

See also

Was the article helpful?

Updating secrets

See alsoSee also

Was the article helpful?

See also