Announcing Cross-Region Replication for OCI Secrets

August 14, 2025 | 3 minute read

Suyog Pathak

Principal Product Manager - OCI Security and Cryptography

Oracle Cloud Infrastructure (OCI) has launched Cross-region Replication for Secrets, now generally
available. This new feature enables customers to replicate secrets across up to three regions,
supporting disaster recovery, high availability, and multi-region deployments.

By extending OCI Vault with seamless secret replication, cross-region replication strengthens cloud
resilience and simplifies operations.

Why it matters

Secrets in Vault are region-bound by default. Customers previously had to build custom solutions
to keep copies available in other regions, increasing risk and complexity. With cross-region
replication, secrets can now be replicated automatically using the Console, API, CLI, SDK, or
Terraform, helping to improve availability and performance close to where applications run.

Example:

• The diagram below shows that a secret can be replicated to 3 sites

• The replicated secrets are read-only

• They can use a different vault from the source region

• The key for each region is different.


What’s included

Customers can now:

• Replicate secrets in up to three regions

• Maintain a consistent OCID and metadata across replicas

• Assign unique vaults and keys per region

Secrets remain read-only in replica regions.

Use Cases

Cross-region replication supports:

• Disaster recovery for critical credentials

• Low-latency access in multi-region apps

• Secure automation across dev, test, and prod

• Simplified migration from legacy secret sync tools

Permissions Required to Configure Replication

To create a secret with replication enabled, ensure you or the resource principal has all the
following permissions:

• SECRET_CREATE, KEY_ENCRYPT, KEY_DECRYPT, VAULT_CREATE_SECRET (for using
the CreateSecret API or creating secrets in the Console or other interfaces).

• SECRET_REPLICATE_CONFIGURE

To update (or remove) a replication configuration, ensure you or the resource principal has
all the following permissions:

• SECRET_UPDATE (for using the UpdateSecret API or updating secrets in the Console or
other interfaces).

• SECRET_REPLICATE_CONFIGURE

Please review the documentation for the sample policy.
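The permission sets and replication limits above can be checked before a change is submitted. The following is an added example, not Oracle's code: the plan layout, its field names (`source_region`, `source_key_id`, `targets`, `region`, `vault_id`, `key_id`) and the sample identifiers are assumptions made for illustration.

```python
# Permission names and the three-region limit come from the announcement;
# the plan layout and its field names are assumed for this example.
CREATE_PERMS = {"SECRET_CREATE", "KEY_ENCRYPT", "KEY_DECRYPT",
                "VAULT_CREATE_SECRET", "SECRET_REPLICATE_CONFIGURE"}
UPDATE_PERMS = {"SECRET_UPDATE", "SECRET_REPLICATE_CONFIGURE"}
MAX_REPLICA_REGIONS = 3


def preflight(action, granted, plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    required = {"create": CREATE_PERMS, "update": UPDATE_PERMS}.get(action)
    if required is None:
        return [f"unknown action: {action!r}"]
    missing = sorted(required - set(granted))
    if missing:
        findings.append("missing permissions: " + ", ".join(missing))

    targets = plan.get("targets", [])
    if len(targets) > MAX_REPLICA_REGIONS:
        findings.append(f"{len(targets)} replica regions requested, limit is {MAX_REPLICA_REGIONS}")

    seen_regions, seen_keys = set(), set()
    for t in targets:
        region, key = t.get("region"), t.get("key_id")
        if not region or not t.get("vault_id") or not key:
            findings.append(f"target {t!r} needs region, vault_id and key_id")
            continue
        # Assumption: a replica placed in the source region is a misconfiguration.
        if region == plan.get("source_region"):
            findings.append(f"{region}: target is the source region")
        if region in seen_regions:
            findings.append(f"{region}: listed more than once")
        # Each region has its own key; a reused key suggests a copy-paste error.
        if key in seen_keys or key == plan.get("source_key_id"):
            findings.append(f"{region}: key {key} is not unique to this region")
        seen_regions.add(region)
        seen_keys.add(key)
    return findings


# Constructed sample: placeholder identifiers, not real OCIDs or region names.
SAMPLE_PLAN = {
    "source_region": "region-a", "source_key_id": "key-a",
    "targets": [
        {"region": "region-b", "vault_id": "vault-b", "key_id": "key-b"},
        {"region": "region-c", "vault_id": "vault-c", "key_id": "key-b"},
    ],
}
```

Calling `preflight("update", {"SECRET_UPDATE"}, SAMPLE_PLAN)` reports the missing SECRET_REPLICATE_CONFIGURE permission and the key reused for `region-c`.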

Getting started in the Console

Secrets can be replicated during creation, or you can edit an existing secret.

Replicating a secret at the time of creation is achieved by following these steps:

1. Navigate to Secrets by following Security -> Vault -> Select a vault -> Secrets

2. Select an action to create a secret

3. Enable replication and select up to three regions.

4. Choose target vaults and keys for each region.

5. Finalize other fields and create a secret.

To update the replication properties of an existing secret:

1. In your vault, go to Secrets and choose the secret you want to replicate.

2. In the secret’s details page, find the Replication section and click Enable Replication.

3. Choose up to 3 destination regions and select the vault keys for each replica.

4. Confirm.

The secret syncs automatically, and work requests tracking replication status are viewable in the
console.

Automation support

Cross-region replication is fully supported via:

• SDK and CLI options to define replicas and keys

• Terraform.

• API

Documentation and examples are available to accelerate onboarding.

Availability and pricing

Cross-region Replication is now available in all commercial OCI regions. Secrets in Vault is a free
service, with no added cost for storage, API calls, or replication.

Summary

Cross-region Replication for Secrets helps customers meet high availability and disaster recovery
goals with less complexity. It's a scalable, no-cost solution for resilient secret management in
global OCI environments.

To get started, visit the Console or explore the documentation.
