How-to guides

    Users can create the service by entering the required information for the Secret Vault service and selecting detailed options through the Samsung Cloud Platform Console.

    Create Secret Vault

    You can create and use the Secret Vault service in the Samsung Cloud Platform Console.

    To create a Secret Vault, follow these steps.

    1. Click the All Services > Security > Secret Vault menu. Navigate to the Service Home page of Secret Vault.
    2. On the Service Home page, click the Create Secret Vault button. You will be taken to the Create Secret Vault page.
    3. On the Create Secret Vault page, enter the information required to create the service and select detailed options.
      • Select the required information in the Service Information Input area.
        Category | Required status | Detailed description
        Secret name | Required | Enter Secret name
        • Enter 3~63 characters using lowercase English letters and numbers
        Type | Required | Select the type of encryption target
        Authentication key | Required | Select an authentication key to use with the Secret Vault service
        • Click the Use button and select a pre‑generated authentication key from the Authentication Key Management menu.
        • In the Authentication Key Management menu, you must select one‑time authentication as the security authentication method.
        • Expired authentication keys are not displayed, and keys with a remaining validity of less than 30 days or keys already in use for a Secret Vault product cannot be used. (Only one Secret Vault product can be applied per authentication key.)
        Token usage period | Required | Enter the usage period of the Token provided by encrypting the authentication key
        • The Token usage period is automatically set to match the validity period of the entered authentication key by default.
        • If the authentication key validity period is set to permanent, the Token usage period can be set up to a maximum of 7,300 days (20 years).
        • The Token usage period cannot be changed after the service application is completed.
        • Periodic replacement of the Token is recommended to enhance security.
        • When the Token usage period expires, temporary key issuance is not possible, and you must obtain a new Token by submitting a new service application.
        • Once the Token usage period expires, it cannot be extended and the Token can no longer be used. Before the Token usage period expires, obtain a new Token by submitting a new service application and apply the issued Token information to your source code.
        Temporary key replacement interval | Required | Select the temporary key rotation period to be used for accessing Samsung Cloud Platform resources
        • The temporary key usage time is applied from the moment the service creation is completed.
        • For security enhancement, the temporary key usage period can be set to a maximum of 1.5 days (36 hours).
        • A new temporary key is issued before the temporary key expires, and the same usage period applies.
        Allowed IP | Required | Enter the IP to allow access, then click the Add button
        • The entered IP must also be set identically in Key Management > Security Settings > Allowed Access IP for access to be permitted.
        • Even when entering a single IP, be sure to append ‘/32’ after the IP.
        • You can register up to 10 IPs.
        Explanation | Optional | Enter additional information
        Table. Secret Vault service information input fields
      • Select the required information in the Additional Information Input area.
        Category | Required status | Detailed description
        Tag | Optional | Add Tag
        • Click the Add Tag button to create and add a tag, or add an existing tag.
        • Up to 50 tags can be added per resource.
        • The newly added tags are applied after the service creation is completed.
        Table. Secret Vault additional information input fields
    4. Verify the detailed information and estimated billing amount generated in the Summary panel, then click the Complete button.
      • After creation is complete, check the created resources on the Secret Vault List page.

    Check Secret Vault detailed information

    You can view and edit the full list of resources and detailed information for the Secret Vault service. The Secret Vault Details page consists of Details, Tags, and Activity Log tabs.

    To view detailed information about the Secret Vault service, follow these steps.

    1. Click the All Services > Security > Secret Vault menu. You will be taken to the Secret Vault Service Home page.
    2. On the Service Home page, click the Secret Vault menu. You will be taken to the Secret Vault List page.
    3. On the Secret Vault List page, click the resource to view detailed information. You will be taken to the Secret Vault Details page.
      • The Secret Vault Details page displays status information and additional feature information, and consists of the Details, Tags, and Activity Log tabs.
        Category | Detailed description
        Secret Vault status | Status of the Secret Vault created by the user
        • Active: Running
        • To be terminated: Pending termination after a service cancellation request
          • The scheduled termination time of the service is displayed, and you can cancel the service termination.
        • Expired: Token expired state
          • Secrets that have changed to the Expired state cannot perform any actions such as information retrieval, and are automatically deleted after 7 days.
        Replace temporary key | Immediately delete the current temporary key and generate a new temporary key
        • Only the creator of the Secret Vault service can replace the temporary key.
        Service termination | Button to cancel the service
        Table. Secret Vault status information and additional features

    Detailed Information

    The Secret Vault List page lets you view detailed information of the selected resource and modify the information if necessary.

    Category | Detailed description
    Service | Service name
    Resource Type | Resource Type
    SRN | Unique resource ID in Samsung Cloud Platform
    Resource name | Resource Name
    Resource ID | Unique resource ID in the service
    Creator | User who created the service
    Creation date and time | Service creation timestamp
    Editor | User who edited the service information
    Modification date | Date and time the service information was modified
    Secret name | Name of the generated Secret
    Type | Encryption method
    Explanation | Additional information or description about the Secret Vault service
    Authentication key | Authentication key used by the Secret Vault service
    Token usage period | Validity period of the Token provided by encrypting the authentication key
    Token expiration time | Token expiration date and time
    Token ID | Token’s unique ID
    Token Secret | Token Secret generated as a pair with Token ID
    Temporary key replacement interval | Rotation period of the temporary key used to access Samsung Cloud Platform resources
    Temporary key expiration date and time | Temporary key expiration date and time
    Allowed IP | Allowed IP list
    Explanation | Additional information or description about Secret Vault
    Table. Secret Vault detailed information tab items

    Tags

    On the Secret Vault List page, you can view the tag information of the selected resource and add, modify, or delete it.

    Category | Detailed description
    Tag list | Tag list
    • You can view the Key, Value information of the tag
    • Up to 50 tags can be added per resource
    • When entering a tag, you can search and select from the list of previously created Keys and Values
    Table. Secret Vault tag tab items

    Job History

    On the Secret Vault List page, you can view the operation history of the selected resource.

    Category | Detailed description
    Task History List | Resource Change History
    • You can view operation details, operation time, resource type, resource name, operation result, and operator information
    • Click the relevant resource in the Operation History List. The Operation History Details popup window will open.
    Table. Secret Vault operation history tab detailed information items

    Terminate Secret Vault

    You can cancel the unused service to reduce operating costs. However, if you cancel the service, the running service may be terminated immediately, so you should thoroughly consider the impact of service interruption before proceeding with the cancellation.

    Caution
    Be careful, as data cannot be recovered after terminating the service.

    To cancel Secret Vault, follow the steps below.

    1. Click the All Services > Security > Secret Vault menu. Navigate to the Service Home page of Secret Vault.
    2. On the Service Home page, click the Secret Vault menu. You will be taken to the Secret Vault List page.
    3. On the Secret Vault List page, select the resource to cancel and click the Cancel Service button. You will be taken to the Cancel Service popup window.
    4. In the Service Cancellation popup window, enter the termination waiting period (7~30 days), then click the Confirm button. The service will be terminated after the waiting period entered by the user.
    Reference
    • During the termination waiting period, the existing temporary key is deleted, and you cannot issue an additional temporary key to access Samsung Cloud Platform resources.

    Cancel Secret Vault termination

    You can cancel the termination of a service that is pending cancellation and use it again.

    To cancel the termination of Secret Vault, follow these steps.

    1. Click the All Services > Security > Secret Vault menu. Navigate to the Service Home page of Secret Vault.
    2. On the Service Home page, click the Secret Vault menu to go to the Secret Vault List page.
    3. On the Secret Vault List page, click the resource to cancel the termination. You will be taken to the Secret Vault Detail page.
    4. On the Secret Vault Details page, click the Cancel Termination button. You will be taken to the Cancel Service Termination popup.
    5. After reviewing the content in the Cancel Service Termination popup window, click the Confirm button. The status of the resource for which the termination was canceled will be restored to Active.
    Note
    • If the authentication key used in the Secret has been deleted, you cannot cancel the service termination.
    • If the authentication key used in the Secret has been disabled or deleted, you cannot cancel the service termination. Re‑enable the authentication key first.
    • Only the creator of the Secret Vault service can cancel the service termination.

    Configure Application Token

    The Token information issued through the Secret Vault service application is required for API calls to request OpenAPI temporary key issuance. Set the Token information according to each Application environment.

    To configure the token information, follow these steps.

    1. Apply the token information to the application’s environment variable configuration file.
    2. Configure the token information so that the API call logic within the application can reference it.
      • Use OpenAPI → GET /v1/temporarykey/{secretvault_id}
      • For more details, refer to the Open API Guide in the Samsung Cloud Platform Console.
    3. Configure the token information so that the API call logic within the application can reference it.
      • The temporary key replaces hard-coded values in the existing source code; obtain and use it through OpenAPI calls that use the token information. For details, refer to the Open API Guide in the Samsung Cloud Platform Console.
    Guide
    Below is a reference example. Adapt the source code to the standards of the application that will use the Token.

    application.yml or application.properties environment variable configuration files

    Apply the obtained Token information to the environment variable configuration file.

    secretvault.id= {{ ID }}
    secretvault.tokenId= {{ Token ID }}
    secretvault.tokenSecret= {{ Token Secret }}
    

    Java file

    Apply it to the class file that reads the configuration values.

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    
    @Configuration
    public class SecretVaultConfiguration {
        @Value("${secretvault.id}")
        private String id;
    
        @Value("${secretvault.tokenId}")
        private String tokenId;
    
        @Value("${secretvault.tokenSecret}")
        private String tokenSecret;
    
        @Bean
        public OpenApiClient openApiClient() {
            // Create an OpenApiClient or another API client and initialize it using the configuration values
            return new OpenApiClient(id, tokenId, tokenSecret);
        }
    }
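
    Because the temporary key rotates on the configured interval (at most 36 hours) and can be replaced immediately from the console, an application should cache it and re-fetch it shortly before expiry rather than store it. The class below is an added example, not part of the original guide or of any Samsung Cloud Platform SDK: TemporaryKeyCache, the TemporaryKey record and its fields are hypothetical, and the fetcher stands in for the GET /v1/temporarykey/{secretvault_id} call, whose request and response format is defined in the Open API Guide.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.function.Supplier;

public class TemporaryKeyCache {
    // Hypothetical shape of a fetched key; the real response fields are in the Open API Guide.
    public record TemporaryKey(String value, Instant expiresAt) {}

    private final Supplier<TemporaryKey> fetcher; // wraps GET /v1/temporarykey/{secretvault_id}
    private final Duration refreshMargin;         // how long before expiry to re-fetch
    private final Supplier<Instant> clock;        // injectable so the logic can be tested
    private TemporaryKey cached;
    public TemporaryKeyCache(Supplier<TemporaryKey> fetcher, Duration refreshMargin, Supplier<Instant> clock) {
        this.fetcher = fetcher;
        this.refreshMargin = refreshMargin;
        this.clock = clock;
    }

    // Returns the cached key; fetches when nothing is cached or expiry is within the margin.
    public synchronized TemporaryKey get() {
        Instant now = clock.get();
        if (cached == null || !now.isBefore(cached.expiresAt().minus(refreshMargin))) {
            TemporaryKey fresh = fetcher.get();
            if (fresh == null || !fresh.expiresAt().isAfter(now)) {
                throw new IllegalStateException("no usable temporary key returned");
            }
            cached = fresh;
        }
        return cached;
    }

    // Drop the cached key, e.g. when a call is rejected after "Replace temporary key" was used.
    public synchronized void invalidate() { cached = null; }

    public static void main(String[] args) {
        // Constructed demo: a fake fetcher issuing 36-hour keys and a clock advanced by hand.
        Instant[] now = { Instant.parse("2024-01-01T00:00:00Z") };
        int[] calls = { 0 };
        TemporaryKeyCache cache = new TemporaryKeyCache(
            () -> new TemporaryKey("key-" + (++calls[0]), now[0].plus(Duration.ofHours(36))),
            Duration.ofMinutes(30), () -> now[0]);
        System.out.println(cache.get().value());   // nothing cached yet: fetches
        now[0] = now[0].plus(Duration.ofHours(35));
        System.out.println(cache.get().value());   // outside the 30-minute margin: cached key
        now[0] = now[0].plus(Duration.ofMinutes(45));
        System.out.println(cache.get().value());   // inside the margin: re-fetches
        cache.invalidate();
        System.out.println(cache.get().value());   // after invalidate: re-fetches
    }
}
```

    In a Spring application the fetcher would delegate to the client bean configured above, and invalidate() would be called when a request made with the cached key is rejected.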