> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mixpeek.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Secret

> Update an existing secret in organization vault.

**Security**:
- Replaces existing encrypted value with new encrypted value
- Old value is permanently overwritten
- No history or audit trail of previous values

**Use Cases**:
- Rotate API keys periodically
- Update expired tokens
- Change credentials after security incident



## OpenAPI

````yaml put /v1/organizations/secrets/{secret_name}
openapi: 3.1.0
info:
  title: Mixpeek API
  description: >-
    This is the Mixpeek API, providing access to various endpoints for data
    processing and retrieval.
  termsOfService: https://mixpeek.com/terms
  contact:
    name: Mixpeek Support
    url: https://mixpeek.com/contact
    email: info@mixpeek.com
  version: '0.82'
servers:
  - url: https://api.mixpeek.com
    description: Production
security: []
paths:
  /v1/organizations/secrets/{secret_name}:
    put:
      tags:
        - Organization Secrets
      summary: Update Secret
      description: |-
        Update an existing secret in organization vault.

        **Security**:
        - Replaces existing encrypted value with new encrypted value
        - Old value is permanently overwritten
        - No history or audit trail of previous values

        **Use Cases**:
        - Rotate API keys periodically
        - Update expired tokens
        - Change credentials after security incident
      operationId: update_secret_v1_organizations_secrets__secret_name__put
      parameters:
        - name: secret_name
          in: path
          required: true
          schema:
            type: string
            title: Secret Name
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateSecretRequest'
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SecretResponse'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
components:
  schemas:
    UpdateSecretRequest:
      properties:
        secret_value:
          type: string
          minLength: 1
          title: Secret Value
          description: >-
            REQUIRED. New plaintext value for the secret. This will replace the
            existing encrypted value. The old value is permanently overwritten
            with no history. The new value will be encrypted at rest using
            Fernet encryption. Use this to rotate keys, update expired tokens,
            or change credentials. Format: any string (will be encrypted as-is).
          examples:
            - YOUR_STRIPE_API_KEY
            - ghp_rotated_token_def456
            - new_api_key_ghi789
      type: object
      required:
        - secret_value
      title: UpdateSecretRequest
      description: |-
        Request to update an existing secret in the organization vault.

        Updates the encrypted value of an existing secret. The old value is
        permanently overwritten with no history or rollback capability.

        **Use Cases**:
        - Rotate API keys periodically for security
        - Update expired tokens
        - Change credentials after security incident
        - Switch from test to production keys

        **Security**:
        - Old value is permanently overwritten (no history)
        - New value is encrypted before storage
        - No rollback or undo capability
        - Update is logged for audit trail

        **Requirements**:
        - secret_value: REQUIRED, new plaintext value
        - Secret must already exist (use POST to create)

        **Permissions**: Requires ADMIN permission to update secrets.
      examples:
        - description: Rotate Stripe API key
          secret_value: YOUR_STRIPE_API_KEY
        - description: Update expired GitHub token
          secret_value: ghp_new_token_def456
        - description: Switch from test to production key
          secret_value: YOUR_STRIPE_API_KEY
    SecretResponse:
      properties:
        secret_name:
          type: string
          title: Secret Name
          description: >-
            Name of the secret that was operated on. This is the same name
            provided in the request. Use this name to reference the secret in
            api_call stage configuration.
          examples:
            - stripe_api_key
            - github_token
            - openai_api_key
        created:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Created
          description: >-
            True if this secret was created, null otherwise. Only set for POST
            /secrets operations.
        updated:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Updated
          description: >-
            True if this secret was updated, null otherwise. Only set for PUT
            /secrets/{name} operations.
        deleted:
          anyOf:
            - type: boolean
            - type: 'null'
          title: Deleted
          description: >-
            True if this secret was deleted, null otherwise. Only set for DELETE
            /secrets/{name} operations.
      type: object
      required:
        - secret_name
      title: SecretResponse
      description: >-
        Response for secret operations (NEVER includes actual decrypted value).


        This response is returned after creating, updating, or deleting a
        secret.

        For security, the actual secret value is NEVER included in API
        responses.

        Only the secret name and operation status are returned.


        **Security**:

        - Decrypted secret values are NEVER included

        - Only secret name and operation status returned

        - Actual value only accessible by internal services


        **Fields**:

        - secret_name: Name of the secret that was operated on

        - created: True if secret was created (null for other operations)

        - updated: True if secret was updated (null for other operations)

        - deleted: True if secret was deleted (null for other operations)
      examples:
        - created: true
          description: Secret created successfully
          secret_name: stripe_api_key
        - description: Secret updated successfully
          secret_name: github_token
          updated: true
        - deleted: true
          description: Secret deleted successfully
          secret_name: old_api_key
    ErrorResponse:
      properties:
        success:
          type: boolean
          title: Success
          description: Always false for error responses
          default: false
        status:
          type: integer
          title: Status
          description: HTTP status code for this error
        error:
          $ref: '#/components/schemas/ErrorDetail'
          description: Error details payload
      type: object
      required:
        - status
        - error
      title: ErrorResponse
      description: Error response model.
      examples:
        - error:
            details:
              id: ns_123
              resource: namespace
            message: Namespace not found
            type: NotFoundError
          status: 404
          success: false
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    ErrorDetail:
      properties:
        message:
          type: string
          title: Message
          description: Human-readable error message
        type:
          type: string
          title: Type
          description: Stable error type identifier (machine-readable)
        code:
          anyOf:
            - type: string
            - type: 'null'
          title: Code
          description: >-
            Fine-grained error code for programmatic handling (e.g.,
            namespace_name_taken, feature_extractor_not_found). Present only
            when consumers may need to branch on a specific error condition.
        details:
          anyOf:
            - additionalProperties: true
              type: object
            - type: 'null'
          title: Details
          description: >-
            Optional structured details to help debugging (validation errors,
            IDs, etc.)
      type: object
      required:
        - message
        - type
      title: ErrorDetail
      description: Error detail model.
    ValidationError:
      properties:
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
        input:
          title: Input
        ctx:
          type: object
          title: Context
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError

````