secrets
Creates, updates, deletes, gets or lists a secrets resource.
Overview
Name | secrets |
Type | Resource |
Id | okta.apps.secrets |
Fields
The following fields are returned by SELECT queries:
- list_oauth2_client_secrets
- get_oauth2_client_secret
Name | Datatype | Description |
---|---|---|
id | string | The unique ID of the OAuth Client Secret (example: ocs2f4zrZbs8nUa7p0g4) |
_links | object | Specifies link relations (see Web Linking) available for the current status of an application using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
client_secret | string | The OAuth 2.0 client secret string (example: DRUFXGF9XbLn......a3x3POBiIxDreBCdZuFs5B) |
created | string | Timestamp when the OAuth Client 2.0 Secret was created (example: 2023-02-21T20:08:24.000Z) |
lastUpdated | string | Timestamp when the OAuth Client 2.0 Secret was updated (example: 2023-02-21T20:08:24.000Z) |
secret_hash | string | OAuth 2.0 client secret string hash (example: yk4SVx4sUWVJVbHt6M-UPA) |
status | string | Status of the OAuth 2.0 Client Secret (example: ACTIVE, default: ACTIVE) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
list_oauth2_client_secrets | select | subdomain | | Lists all client secrets for an OAuth 2.0 client app |
get_oauth2_client_secret | select | subdomain | | Retrieves an OAuth 2.0 Client Secret by secretId |
create_oauth2_client_secret | insert | subdomain | | Creates an OAuth 2.0 Client Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects. Note: This API lets you bring your own secret. If token_endpoint_auth_method of the app is client_secret_jwt, then the minimum length of client_secret is 32 characters. If no secret is specified in the request, Okta adds a new system-generated secret. |
delete_oauth2_client_secret | delete | subdomain | | Deletes an OAuth 2.0 Client Secret by secretId. You can only delete an inactive Secret. |
activate_oauth2_client_secret | exec | subdomain | | Activates an OAuth 2.0 Client Secret by secretId |
deactivate_oauth2_client_secret | exec | subdomain | | Deactivates an OAuth 2.0 Client Secret by secretId. You can't deactivate a secret if it's the only secret of the client. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
SELECT examples
- list_oauth2_client_secrets
- get_oauth2_client_secret
Lists all client secrets for an OAuth 2.0 client app
```sql
SELECT
  id,
  _links,
  client_secret,
  created,
  lastUpdated,
  secret_hash,
  status
FROM okta.apps.secrets
WHERE subdomain = '{{ subdomain }}'; -- required
```
Retrieves an OAuth 2.0 Client Secret by secretId
```sql
SELECT
  id,
  _links,
  client_secret,
  created,
  lastUpdated,
  secret_hash,
  status
FROM okta.apps.secrets
WHERE subdomain = '{{ subdomain }}'; -- required
```
INSERT examples
- create_oauth2_client_secret
- Manifest
Creates an OAuth 2.0 Client Secret object with a new active client secret. You can create up to two Secret objects. An error is returned if you attempt to create more than two Secret objects.
> Note: This API lets you bring your own secret. If token_endpoint_auth_method of the app is client_secret_jwt, then the minimum length of client_secret is 32 characters. If no secret is specified in the request, Okta adds a new system-generated secret.
```sql
INSERT INTO okta.apps.secrets (
  data__client_secret,
  data__status,
  subdomain
)
SELECT
  '{{ client_secret }}',
  '{{ status }}',
  '{{ subdomain }}'
RETURNING
  id,
  _links,
  client_secret,
  created,
  lastUpdated,
  secret_hash,
  status
;
```
```yaml
# Description fields are for documentation purposes
- name: secrets
  props:
    - name: subdomain
      value: string
      description: Required parameter for the secrets resource.
    - name: client_secret
      value: string
      description: >
        The OAuth 2.0 client secret string
    - name: status
      value: string
      description: >
        Status of the OAuth 2.0 Client Secret
      valid_values: ['ACTIVE', 'INACTIVE']
```
DELETE examples
- delete_oauth2_client_secret
Deletes an OAuth 2.0 Client Secret by secretId. You can only delete an inactive Secret.
```sql
DELETE FROM okta.apps.secrets
WHERE subdomain = '{{ subdomain }}'; -- required
```
Lifecycle Methods
- activate_oauth2_client_secret
- deactivate_oauth2_client_secret
Activates an OAuth 2.0 Client Secret by secretId
```sql
EXEC okta.apps.secrets.activate_oauth2_client_secret
@subdomain='{{ subdomain }}'; -- required
```
Deactivates an OAuth 2.0 Client Secret by secretId. You can't deactivate a secret if it's the only secret of the client.
```sql
EXEC okta.apps.secrets.deactivate_oauth2_client_secret
@subdomain='{{ subdomain }}'; -- required
```
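The lifecycle rules stated on this page (at most two Secret objects, only an inactive Secret can be deleted, the only secret of a client cannot be deactivated) fix the order in which a rotation has to call these methods. The following planner is an added example, not part of the provider documentation: `plan_rotation`, `new_client_secret`, the `ROLL_OUT` marker and the sample rows are hypothetical names and constructed data, and only the method names and field names come from the page.

```python
import secrets as pysecrets

MAX_SECRETS = 2          # page: at most two Secret objects per client app
MIN_JWT_SECRET_LEN = 32  # page: minimum client_secret length for client_secret_jwt
ROLL_OUT = "roll_out_new_secret_to_clients"  # operator step, not an Okta method

def new_client_secret(nbytes=48):
    """Generate a bring-your-own secret long enough for client_secret_jwt."""
    value = pysecrets.token_urlsafe(nbytes)  # 48 random bytes -> 64 URL-safe chars
    if len(value) < MIN_JWT_SECRET_LEN:
        raise ValueError("secret shorter than the client_secret_jwt minimum")
    return value

def plan_rotation(rows):
    """Order the method calls that replace every existing secret of one app.

    rows: dicts carrying the id, status and created fields the SELECT returns.
    """
    if not 1 <= len(rows) <= MAX_SECRETS:
        raise ValueError("expected one or two existing secrets")
    # Retire INACTIVE secrets first, then the oldest ACTIVE one.
    old = sorted(rows, key=lambda r: (r["status"] == "ACTIVE", r["created"]))
    steps = []

    def retire(row):
        if row["status"] == "ACTIVE":  # only an inactive Secret can be deleted
            steps.append(("deactivate_oauth2_client_secret", row["id"]))
        steps.append(("delete_oauth2_client_secret", row["id"]))

    if len(old) == MAX_SECRETS:
        # Both slots are taken: free one before creating. The other secret
        # still exists, so deactivating this one is permitted.
        retire(old.pop(0))
    steps.append(("create_oauth2_client_secret", None))
    steps.append((ROLL_OUT, None))  # clients must switch before the old secret dies
    for row in old:
        retire(row)  # the new secret exists, so this is never the only secret
    return steps

# Constructed sample rows (ids are made up, not real Okta identifiers).
SAMPLE = [
    {"id": "ocs-old-1", "status": "ACTIVE", "created": "2023-02-21T20:08:24.000Z"},
    {"id": "ocs-old-2", "status": "INACTIVE", "created": "2023-01-10T09:00:00.000Z"},
]

if __name__ == "__main__":
    for method, secret_id in plan_rotation(SAMPLE):
        print(method, secret_id or "")
```

When both existing secrets are ACTIVE, the older one is retired before the new secret exists, so confirm which secret clients actually present before running the plan.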