How-to guides

    The user can enter the essential information of the Secret Vault service and create the service by selecting detailed options through the Samsung Cloud Platform Console.

    Secret Vault creation

    You can create and use the Secret Vault service on the Samsung Cloud Platform Console.

    To create a Secret Vault, follow these steps.

    1. Click the All services > Security > Secret Vault menu. The Service Home page of Secret Vault opens.
    2. On the Service Home page, click the Create Secret Vault button. The Create Secret Vault page opens.
    3. On the Create Secret Vault page, enter the information required for service creation and select detailed options.
    • In the Service Information Input area, enter or select the required information.
      Classification | Necessity | Detailed Description
      Secret name | Required | Enter the Secret name
      • Enter 3-63 characters using lowercase English letters and numbers
      Type | Required | Select the type of encryption target
      Authentication Key | Required | Select the authentication key to use for the Secret Vault service
      • Click the Use button to select from the pre-created authentication keys in the Authentication Key Management menu.
      • In the Authentication Key Management menu, you must select the security authentication method as Private Key Authentication.
      • Expired authentication keys will not be retrieved, and authentication keys with a remaining usage period of less than 30 days or already in use in the Secret Vault product cannot be used. (Only one Secret Vault product can be applied per authentication key.)
      Token usage period | Required | The usage period of the Token provided by encrypting the authentication key
      • The Token usage period is automatically set to be the same as the validity period of the input authentication key by default.
      • If the authentication key validity period is set to permanent, the Token usage period can be set up to a maximum of 7300 days (20 years).
      • The Token usage period cannot be changed after the service application is completed.
      • For security enhancement, periodic replacement of the Token is recommended.
      • If the Token usage period expires, it is impossible to issue a temporary key, and a new Token must be issued through a new service application.
      • If the Token usage period expires, it is impossible to extend the period, and the Token can no longer be used. Before the Token usage period expires, a new Token must be issued through a new service application, and the issued Token information must be applied to the source code.
      Access key replacement cycle | Required | Select the replacement cycle of the access key to be used to access Samsung Cloud Platform resources
      • The access key usage time is applied from the time the service creation is completed.
      • For security enhancement, the access key usage period can only be set up to a maximum of 1.5 days (36 hours).
      • A new access key is issued before the access key usage period expires, and the same usage period is applied.
      Access Allowed IP | Required | Enter the IP to allow access and click the Add button
      • The entered IP must also be set identically in Authentication Key Management > Security Settings > Access Allowed IP to allow access.
      • Even when entering a single IP, you must enter ‘/32’ after the IP.
      • Up to 10 IPs can be registered.
      Description | Optional | Enter additional information
      Table. Secret Vault service information input items
    • In the Additional Information Input area, enter or select the required information.
      Classification | Mandatory | Detailed Description
      Tag | Optional | Add a tag
      • Click the Add Tag button to create and add a new tag or to add an existing tag
      • Up to 50 tags can be added per resource
      • Newly added tags are applied after service creation is completed
      Table. Additional Information Input Items for Secret Vault
    4. In the Summary panel, check the generated details and the expected billing amount, and click the Complete button.
    • Once creation is complete, check the created resource on the Secret Vault list page.
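
The input rules from the Service Information table above, applied as a pre-flight check on a planned request before it is entered in the console. This is an added example, not Samsung Cloud Platform code; the function names, the IPv4-only parsing and the sample values are assumptions.

```python
import ipaddress
import re

MAX_ALLOWED_IPS = 10       # "Up to 10 IPs can be registered"
MAX_TOKEN_DAYS = 7300      # Token usage period cap (20 years)
MAX_ACCESS_KEY_HOURS = 36  # access key replacement cycle cap (1.5 days)
NAME_RE = re.compile(r"[a-z0-9]{3,63}")


def parse_allowed_ip(entry):
    """Parse one Access Allowed IP entry; the prefix is mandatory, even /32."""
    entry = entry.strip()
    if "/" not in entry:
        raise ValueError(f"{entry!r}: prefix required (use /32 for a single IP)")
    # Assumption: IPv4 only. strict=True also flags host bits set (10.0.0.5/24).
    return ipaddress.IPv4Network(entry, strict=True)


def check_request(name, token_days, access_key_hours, vault_ips, auth_key_ips):
    """Return a list of problems found in a planned Secret Vault request."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("Secret name: use 3-63 lowercase letters and numbers")
    if not 0 < token_days <= MAX_TOKEN_DAYS:
        problems.append(f"Token usage period: 1-{MAX_TOKEN_DAYS} days")
    if not 0 < access_key_hours <= MAX_ACCESS_KEY_HOURS:
        problems.append(f"Access key cycle: at most {MAX_ACCESS_KEY_HOURS} hours")
    if not 1 <= len(vault_ips) <= MAX_ALLOWED_IPS:
        problems.append(f"Access Allowed IP: 1-{MAX_ALLOWED_IPS} entries")

    parsed = {"Secret Vault": set(), "authentication key": set()}
    for label, entries in (("Secret Vault", vault_ips),
                           ("authentication key", auth_key_ips)):
        for entry in entries:
            try:
                parsed[label].add(parse_allowed_ip(entry))
            except ValueError as exc:
                problems.append(f"{label} IP {exc}")
    # Every Secret Vault entry must also exist on the authentication key.
    for net in sorted(parsed["Secret Vault"] - parsed["authentication key"]):
        problems.append(f"{net} is not allowed on the authentication key")
    return problems


if __name__ == "__main__":
    # Constructed sample request (documentation address ranges).
    for issue in check_request("Payments_01", 8000, 48,
                               ["203.0.113.10", "198.51.100.7/32"],
                               ["203.0.113.10/32"]):
        print(issue)
```

An empty list means the request satisfies the documented limits and every Secret Vault entry is also present in the authentication key's Access Allowed IP list.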

    Secret Vault detailed information check

    You can check and modify the entire resource list and detailed information of the Secret Vault service. The Secret Vault details page consists of details, tags, and work history tabs.

    To check the detailed information of the Secret Vault service, follow these steps.

    1. Click the All services > Security > Secret Vault menu. The Service Home page of Secret Vault opens.
    2. On the Service Home page, click the Secret Vault menu. The Secret Vault list page opens.
    3. On the Secret Vault list page, click the resource whose detailed information you want to check. The Secret Vault details page opens.
    • The Secret Vault details page displays status information and additional feature information, and consists of the details, tags, and work history tabs.
      Classification | Detailed Description
      Secret Vault status | The status of the Secret Vault created by the user
      • Active: in operation
      • To be terminated: waiting for cancellation after service cancellation has been requested
        • The scheduled cancellation time of the service is displayed, and the service cancellation can be canceled.
      • Expired: token expiration status
        • A Secret that has changed to the Expired status cannot perform any actions such as information inquiry, and is automatically deleted after 7 days.
      Replace Master Key | Delete the master key currently in use and create a new master key
      • Only the creator of the Secret Vault service can replace the master key.
      Service Cancellation | Button to cancel the service
      Table. Secret Vault Status Information and Additional Functions

    Detailed Information

    On the Secret Vault List page, you can check the detailed information of the selected resource and modify it if necessary.

    Classification | Detailed Description
    Service | Service Name
    Resource Type | Resource Type
    SRN | Unique resource ID in Samsung Cloud Platform
    Resource Name | Resource Title
    Resource ID | Unique resource ID in the service
    Creator | The user who created the service
    Creation Time | The time when the service was created
    Editor | User who modified the service information
    Revision Time | Time when service information was revised
    Secret name | Name of the generated Secret
    Type | Encryption Method
    Description | Additional information or description of the Secret Vault service
    Authentication Key | Authentication key used in Secret Vault service
    Token usage period | The available period of the Token provided by encrypting the authentication key
    Token Expiration Time | Token Usage Expiration Time
    Token ID | Token’s unique ID
    Token Secret | Token Secret generated as a pair with the Token ID
    Token replacement cycle | The replacement cycle of the token used to access Samsung Cloud Platform resources
    Expiration Date of License Key | Expiration Date of License Key Usage
    Allowed IP | List of IPs that are allowed to access
    Description | Additional information or description about Secret Vault
    Table. Secret Vault detailed information tab items

    Tag

    On the Secret Vault List page, you can check the tag information of the selected resource, and add, change or delete it.

    Classification | Detailed Description
    Tag List | Tag List
    • The Key and Value information of each tag can be checked
    • Up to 50 tags can be added per resource
    • When entering a tag, search and select from the existing list of created Keys and Values
    Fig. Secret Vault tag tab items

    Work History

    On the Secret Vault list page, you can check the work history of the selected resource.

    Classification | Detailed Description
    Work History List | Resource Change History
    • Work details, work time, resource type, resource name, work result, and worker information can be checked
    • Click the corresponding resource in the Work History List. The Work History Details popup window opens.
    Fig. Secret Vault work history tab detailed information items

    Secret Vault Cancellation

    You can cancel a service that is not in use to reduce operating costs. However, if you cancel the service, the operating service may be stopped immediately, so you must fully consider the impact of stopping the service before proceeding with the cancellation.

    Caution
    After the service is canceled, the data cannot be recovered, so please be careful.

    To cancel the Secret Vault, follow these steps.

    1. Click the All services > Security > Secret Vault menu. The Service Home page of Secret Vault opens.
    2. On the Service Home page, click the Secret Vault menu. The Secret Vault list page opens.
    3. On the Secret Vault list page, select the resource to be canceled and click the Service Cancellation button. The Service Cancellation pop-up window opens.
    4. In the Service Cancellation pop-up window, enter the cancellation waiting period (7-30 days) and click the Confirm button. The service is canceled after the cancellation waiting period entered by the user.
    Note
    • During the cancellation waiting period, the existing access key is deleted, and an additional access key for accessing Samsung Cloud Platform resources cannot be issued.

    Canceling a Secret Vault cancellation

    You can cancel the cancellation of a service that is waiting for cancellation and use it again.

    To cancel the cancellation of a Secret Vault, follow these steps.

    1. Click the All Services > Security > Secret Vault menu. The Service Home page of Secret Vault opens.
    2. On the Service Home page, click the Secret Vault menu. The Secret Vault list page opens.
    3. On the Secret Vault list page, click the resource whose cancellation you want to cancel. The Secret Vault details page opens.
    4. On the Secret Vault details page, click the Cancel Cancellation button. The Service Cancellation Cancel pop-up window opens.
    5. In the Service Cancellation Cancel pop-up window, check the contents, and then click the Confirm button. The status of the resource whose cancellation was canceled is restored to Active.
    Reference
    • If the authentication key used in Secret is deleted, the service cancellation cannot be cancelled.
    • If the authentication key used in Secret is stopped or deleted, you cannot cancel the service cancellation. First, release the suspension of the authentication key.
    • Only the creator of the Secret Vault service can cancel the service cancellation.

    Application Token settings

    The Token information obtained by applying for the Secret Vault service is required for the OpenAPI calls that request key issuance. Set the Token information to fit each application environment.

    To set the Token information, follow these steps.

    1. Apply the Token information to the environment variable setting file of the Application.
    2. Set the Token information so that it can be referenced by the API call logic within the Application.
    • Use OpenAPI → GET /v1/temporarykey/{secretvault_id}
    • For more detailed information, please refer to the Open API Guide of Samsung Cloud Platform Console.
    • With the IMS kit, you can remove hard coding from existing source code and use the Token information to call the OpenAPI and issue the key for use. For more information, please refer to the Open API Guide in the Samsung Cloud Platform Console.
    Notice
    The following is an example for reference. Adapt the source code to the standards of the application in which you want to use the Token.

    application.yml or application.properties and other environment variable setting files

    Apply the issued Token information to the environment variable setting file.

    secretvault.id= {{ ID }}
    secretvault.tokenId= {{ Token ID }}
    secretvault.tokenSecret= {{ Token Secret }}
    

    Java file

    Apply to the class file for environment variable recognition.

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    @Configuration
    public class SecretVaultConfiguration {
        @Value("${secretvault.id}")
        private String id;
    
        @Value("${secretvault.tokenId}")
        private String tokenId;
    
        @Value("${secretvault.tokenSecret}")
        private String tokenSecret;
    
        @Bean
        public OpenApiClient openApiClient() {
            // Create OpenApiClient or another API client and initialize it using the setting values.
            // OpenApiClient stands for the application's own API client class.
            return new OpenApiClient(id, tokenId, tokenSecret);
        }
    }