ALTER SECRET

Use ALTER SECRET to:

Syntax

To change the value of a secret:

ALTER SECRET [IF EXISTS] <name> AS <value>;

Syntax element	Description
`<name>`	The identifier of the secret you want to alter.
`<value>`	The new value for the secret. The value expression may not reference any relations, and must be implicitly castable to `bytea`.

To rename a secret:

ALTER SECRET [IF EXISTS] <name> RENAME TO <new_name>;

Syntax element	Description
`<name>`	The current name of the secret.
`<new_name>`	The new name of the secret.

To change the owner of a secret:

ALTER SECRET [IF EXISTS] <name> OWNER TO <new_owner_role>;

Syntax element	Description
`<name>`	The name of the secret you want to change ownership of.
`<new_owner_role>`	The new owner of the secret.

To change the owner, you must be a current owner as well as have membership in the <new_owner_role>.

After an ALTER SECRET command is executed:

Future CREATE CONNECTION, CREATE SOURCE, and CREATE SINK commands will use the new value of the secret immediately.
Running sources and sinks that reference the secret will not immediately use the new value of the secret. Sources and sinks may cache the old secret value for several weeks.

To force a running source or sink to refresh its secrets, drop and recreate all replicas of the cluster hosting the source or sink.

For a managed cluster:
```
ALTER CLUSTER storage_cluster SET (REPLICATION FACTOR = 0);
ALTER CLUSTER storage_cluster SET (REPLICATION FACTOR = 1);
```
For an unmanaged cluster:
```
DROP CLUSTER REPLICA storage_cluster.r1;
CREATE CLUSTER REPLICA storage_cluster.r1 (SIZE = '<original size>');
    ```
```

ALTER SECRET kafka_ca_cert AS decode('c2VjcmV0Cg==', 'base64');

The privileges required to execute this statement are:

Ownership of the secret being altered.
In addition, to change owners:
- Role membership in new_owner.
- CREATE privileges on the containing schema if the secret is namespaced by a schema.