Overview

    Service Overview

    Secret Vault is a service that lets you access Samsung Cloud Platform services and resources through the Open API with a security-enhanced, token-based temporary key, instead of hard-coding security information in plain text. It also manages the lifecycle of the temporary key to maintain a security-enhanced environment when using the API.

    Features

    • Enhanced Security Environment: Instead of entering hard-coded authentication information into the application source code, you issue a token-based temporary key, which lets you respond to security threats caused by leaked authentication information.
    • Life-Cycle based key management: Users do not need to manage the life cycle of the key themselves to meet security requirements. The service automatically manages and replaces keys according to the configured life cycle.
    • Use with various resources: With the token issued by Secret Vault, you can access not only resources within Samsung Cloud Platform but also external resources (other CSPs, on-premises, etc.) in an enhanced security environment.

    Service Composition Diagram

    Figure. Secret Vault Configuration Diagram

    Provided Features

    Secret Vault provides the following features.

    • Token Authentication and Encrypted Storage: Issues tokens and temporary keys using authentication keys, and stores authentication key information safely by encrypting it (AES-256).
    • Key Life-cycle Management: Issues keys and replaces them automatically based on the life cycle, and lets you set the replacement cycle in units of time (up to 36 hours).
    • Access Control Function: The user application can control access to resources based on IP address.

    Component

    Secret

    A Secret is an object that combines Token information with temporary key exchange cycle information. Users apply it in the console.

    Token

    A Token is a unique string used to authenticate the user’s identity and verify authority. When you make an Open API request, token-based authentication is used to issue a temporary key for accessing Samsung Cloud Platform.

    Constraints

    Secret Vault provides a region-based service. Therefore, when creating a Secret, you cannot select an authentication key being used in a Secret from a different region.

    Prerequisite Services

    Secret Vault does not require any other service to be set up in advance.