What are the differences between the two types of objects we can use to store sensitive information, OPAQUE and SECRET?

The difference between an Opaque object and a Secret object is as follows:

  • When you do a GET on an Opaque object, you get its value along with metadata. For all other types, the value is not returned.
  • You can get the value of the Secret object by calling Export API which will also generate an audit log. By default, all Secret objects are exportable.

To store sensitive Information, a Secret object is recommended.

Was this article helpful?
0 out of 0 found this helpful