Create a Mapped Secret

Create mapped secrets to use in decryption profiles to decrypt and inspect SSL/TLS traffic with SSL forward proxy or SSL inbound inspection.

Before you can create a mapped secret:
You can create a maximum of 300 SSL inbound inspection mapped secrets. You can create a maximum of one SSL forward proxy mapped secret.
Important: Some names are reserved by Palo Alto Networks®. If you create a policy component with a reserved name, the process fails with an error. See Reserved Names.
    1. On the navigation menu, click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click the policy.
    3. Under Policy resources, click Mapped secrets.
    4. Click Create mapped secret.
    5. In the Mapped secret name box, enter a name.
    6. In the Mapped secret type list, do one of the following:
      • To decrypt or inspect SSL/TLS traffic from internal users to the internet, select SSL inbound inspection.
      - or -
      • To decrypt or inspect inbound SSL/TLS traffic from a client to a network server, select SSL forward proxy.
    7. In the Vault list, select the vault that contains the secret you want to map to the inbound or outbound key.
    8. In the Secret list, select the secret.
    9. In the Version number list, select the secret version.
    10. Click Create mapped secret.
  • Use the network-firewall mapped-secret create command and required parameters to create a mapped secret:

    oci network-firewall mapped-secret create --name my_mapped_secret --source OCI_VAULT \
      --network-firewall-policy-id <network_firewall_policy_OCID> --compartment-id <compartment_OCID> \
      --type SSL_INBOUND_INSPECTION --vault-secret-id <secret_OCID> --version-number <integer> [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateMappedSecret operation to create a mapped secret.
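
The limits stated above (300 SSL inbound inspection mapped secrets, one SSL forward proxy mapped secret) can be checked before a create request is sent. The following pre-flight check is an added example, not Oracle's code; the function name, the `ms_` variables, the `SSL_FORWARD_PROXY` type value, and the assumption that vault secret OCIDs begin with `ocid1.vaultsecret.` are not taken from this page.

```sh
# Added example: pre-flight check for a planned mapped secret.
# Function and variable names are hypothetical; the limits come from this page.
MAX_INBOUND=300   # SSL inbound inspection mapped secrets
MAX_FORWARD=1     # SSL forward proxy mapped secrets

# preflight_mapped_secret TYPE SECRET_OCID VERSION EXISTING_TYPES
#   EXISTING_TYPES: newline-separated types of the mapped secrets the
#   policy already holds (supplied by the caller from its own inventory).
# Prints one line per problem; returns 0 only when no problem was found.
preflight_mapped_secret() {
  ms_type=$1 ms_secret=$2 ms_version=$3 ms_existing=$4 ms_rc=0
  case $ms_type in
    SSL_INBOUND_INSPECTION) ms_limit=$MAX_INBOUND ;;
    SSL_FORWARD_PROXY)      ms_limit=$MAX_FORWARD ;;
    *) echo "type: '$ms_type' is not a mapped secret type"; return 2 ;;
  esac
  # Count existing mapped secrets of the same type (grep -c exits 1 on zero).
  ms_count=$(printf '%s\n' "$ms_existing" | grep -cx -- "$ms_type" || true)
  if [ "$ms_count" -ge "$ms_limit" ]; then
    echo "limit: policy already has $ms_count of $ms_limit $ms_type mapped secrets"
    ms_rc=1
  fi
  # Assumption: vault secret OCIDs start with "ocid1.vaultsecret.".
  case $ms_secret in
    ocid1.vaultsecret.*) ;;
    *) echo "secret: '$ms_secret' does not look like a vault secret OCID"; ms_rc=1 ;;
  esac
  # The version number must be a positive integer.
  case $ms_version in
    ''|*[!0-9]*|0*) echo "version: '$ms_version' is not a positive integer"; ms_rc=1 ;;
  esac
  return $ms_rc
}
```

Call it with the values you intend to pass to the create command and only proceed when it returns 0.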