
Overview

Service Overview

Secret Vault is a service for applications that connect to the Samsung Cloud Platform through the Open API. Instead of hard-coding security information in plain text, the application obtains a secure token-based temporary key that grants access to the Samsung Cloud Platform's services and resources. Secret Vault also manages the lifecycle of the temporary key to maintain a hardened security environment when using APIs.

Features

  • Enhanced security environment: Instead of hard-coding authentication credentials in the application source code, you obtain a token-based temporary key, which mitigates security threats arising from credential leakage.
  • Lifecycle-based temporary key management: Users do not need to manage the lifecycle of temporary keys manually to meet security requirements. Secret Vault automatically manages and replaces temporary keys according to the initially configured lifecycle.
  • Access to a variety of resources: With the token issued by Secret Vault, you can access not only resources within the Samsung Cloud Platform but also external resources (other CSPs, on-premise, etc.) in a reinforced security environment.

Service Architecture Diagram

Figure. Secret Vault diagram

Provided features

Secret Vault provides the following features.

  • Token authentication and encrypted authentication key storage: Issues a token from an authentication key, issues temporary keys using that token, and stores the authentication key information securely in encrypted form (AES-256).
  • Temporary key lifecycle management: Issues temporary keys and replaces them automatically according to their lifecycle. The replacement interval can be set in hours (up to 36 hours).
  • Access control: IP-based access control can be applied to the resources where the user application runs.

Components

Secret

A Secret is an object that combines token information and temporary key rotation information, and can be requested by the user in the console.

Token

A token is a unique string used to authenticate a user's identity and verify permissions. When making an Open API request, you can obtain a temporary token that allows access to the Samsung Cloud Platform.

Constraints

Secret Vault is a region-based service. Therefore, when creating a Secret, you cannot select an authentication key that is already being used by a Secret in another region.

Prerequisite Services

Secret Vault does not require any prerequisite services to be set up beforehand.
