Updating secrets

Written by

Yandex Cloud

Updated at May 5, 2025

To update a secret:

Management console

CLI

Terraform

API

In the management console, select the folder the secret belongs to.
In the list of services, select Lockbox.
In the left-hand menu, select Secrets.
Click next to the secret and select Edit.
Update the name and description of the secret. If necessary, select Block secret deletion.
Change the secret type and specify either key and value or value generation parameters.

When you change the secret type, key, or generation parameters, a new version will be created.
Click Save.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

View a description of the CLI command for adding resources to a secret:
```
yc lockbox secret update --help
```

Run the command, specifying the secret name or ID:

yc lockbox secret update \
  --id <secret_ID> \
  --new-name <new_secret_name> \
  --description <new_secret_description>

Result:

id: e6q2ig0u9b97********
folder_id: b1gyggt2th59********
created_at: "2021-11-08T19:23:00.383Z"
name: <new_secret_name>
description: <new_secret_description>
status: ACTIVE
current_version:
  id: e6q8ma3b6pd1********
  secret_id: e6q2ug0o9b24********
  created_at: "2021-11-08T19:23:00.383Z"
  status: ACTIVE
  payload_entry_keys:
  - <key>

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

Open the Terraform configuration file and edit the fragment with the secret description:

Sample secret description in the Terraform configuration

...
resource "yandex_lockbox_secret" "my_secret" {
  name                = "My secret"
  description         = "test secret from tf"
  folder_id           = "b1gmitvfx321d3********"
  kms_key_id          = "abjp8q2fjfg0s********"
  deletion_protection = true
  labels              = {
    tf-label    = "tf-label-value",
    empty-label = ""
  }
}
...

Apply the changes:
1. In the terminal, change to the folder where you edited the configuration file.
2. Make sure the configuration file is correct using the command:
```
terraform validate
```
  If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
3. Run the command:
```
terraform plan
```
  The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
4. Apply the configuration changes:
```
terraform apply
```
5. Confirm the changes: type yes in the terminal and press Enter.

You can verify that the secret has been changed and its configuration is correct using the management console or the following CLI command:

yc lockbox secret get <secret_name>

To update a secret, use the update REST API method for the Secret resource or the SecretService/Update gRPC API call.

Updating secrets

See also

Was the article helpful?

Updating secrets

See alsoSee also

Was the article helpful?

See also