Secrets Manager
1 - Overview
Service Overview
Secrets Manager is a service that encrypts customers’ sensitive information as Secrets (secure information) and stores and manages it safely. It removes hardcoding of important information in application source code, and allows you to call and retrieve Secrets stored safely in a Key-Value format. Secrets are encrypted with user-managed keys in conjunction with Key Management Service and stored securely.
Service Architecture Diagram
Provided Features
Secrets Manager provides the following features.
- Secret creation/deletion: Secrets Manager can create/delete and manage Secrets. Users store security (sensitive) information in Key/Value form in the created Secret.
- Secret lookup: You can view the Secret value based on custom policies and permissions.
- Label-based version control: You can set a label on the version, which is a snapshot of unique data generated each time a Secret is modified, allowing you to manage Secrets more efficiently.
Components
Secret
The logical unit that stores sensitive (important) information. Security information values are held in Key/Value form and encrypted with a KMS key.
- A Secret is the object created when you create the Secrets Manager service in the Samsung Cloud Platform Console.
Version
It is a snapshot of unique data that is newly created each time a Secret is modified (the unit that stores the actual value of the Secret).
Label
It is a name tag or label attached to a specific version of a Secret (a pointer for referencing a specific version).
Constraints
Secrets Manager service constraints are as follows. Before use, be sure to check the constraints below and reflect them in your service usage plan.
- Secrets Manager is a regional service, and the created Secret can only be used within that region.
- As of December 2025, Secrets Manager provides only public endpoints via Open API. In the future, we plan to provide private endpoints that can be connected based on Samsung Cloud Platform resources.
| Item | Detailed Description | Quota |
|---|---|---|
| Secret Value Size | Size of encrypted Secret value | 65,536 |
| Secrets | Number of Secrets per region in an Account | 500,000 |
| Attached Labels for Secret | Number of Labels attached to all versions of Secret | 20 |
| Versions per Secret | Number of Secret versions | 100 |
Pre-service
Secrets Manager has no prerequisite service.
2 - How-to guides
The user can enter the required information for the Secrets Manager service through the Samsung Cloud Platform Console, select detailed options, and create the service.
Secrets Manager Create
You can create and use Secrets Manager from the Samsung Cloud Platform Console.
To create Secrets Manager, follow the steps below.
- Click the All Services > Security > Secrets Manager menu. Navigate to the Service Home page of Secrets Manager.
- Click the Secrets Manager Create button on the Service Home page. You will be taken to the Secrets Manager Create page.
- On the Secrets Manager Create page, enter the information required to create the service and enter additional information.
  - In the Service Information Input area, enter or select the required information.

| Category | Required or not | Detailed description |
|---|---|---|
| Secret name | Required | Enter the Secret name |
| Type | Required | Select the type to manage encrypted with Secret from the list |
| Key/Value input | Required | Enter the Secret information's Key/Value as a pair. Click the + icon to add up to 10. Click the X icon to delete the entry |
| Encryption Key | Required | Select the KMS key to use when encrypting the Secret from the list. Choose a key created in the KMS service from the list, or click +Create New to create a KMS key. Only KMS keys for encryption/decryption can be selected; the three selectable types are encryption/decryption (AES-256), encryption/decryption and signing/verification (RSA-2048), and encryption/decryption (ARIA). Key/Value input must be within 64 KB; registration is not allowed if the size is exceeded. For detailed information on creating a KMS key, refer to Create KMS Key |
| Public Access Control | Required | Enter the IP addresses allowed public access. After entering an IP address, click the Add button to register up to 10. Click the Delete All button to delete all IP entries in the list. The ranges 0.0.0.0/24 - 0.0.0.0/32 can be registered but may be vulnerable from a security standpoint |
| Private Access Control | Optional | After selecting Use, select the resources to allow private access. Click the Add button to add an access-allowed resource. If not set to use, all subnet resources in the same region are allowed access |
| Description | Optional | Enter a description for Secrets Manager |

Table. Secrets Manager service information input items

  - In the Additional Information Input area, enter or select the required information.

| Category | Required or not | Detailed description |
|---|---|---|
| Tag | Optional | Add Tag. Up to 50 can be added per resource. After clicking the Add Tag button, enter or select Key, Value values |

Table. Secrets Manager additional information input items

- In the Summary panel, check the detailed information and estimated billing amount, and click the Create button.
  - When creation is complete, check the created resource on the Secrets Manager List page.
Secrets Manager View Detailed Information
You can view and edit the full list of Secrets Manager resources and their detailed information. The Secrets Manager Details page consists of the Detailed Information, Version, Tag, and Activity History tabs.
To view detailed information of Secrets Manager, follow the steps below.
- Click the All Services > Security > Secrets Manager menu. Go to the Service Home page of Secrets Manager.
- Click the Secrets Manager menu on the Service Home page. You will be taken to the Secrets Manager List page.
- On the Secrets Manager List page, click the resource to view detailed information. Go to the Secrets Manager Details page.
  - At the top of the Secrets Manager Details page, status information and descriptions of additional features are displayed.

| Category | Detailed description |
|---|---|
| Status | Displays the status of Secrets Manager. Active: available/active. To be terminated: scheduled for deletion |
| Service cancellation | Button to cancel the service |

Table. Secrets Manager status information and additional features
Detailed Information
On the Secrets Manager List page, you can view detailed information of the selected resource and, if necessary, edit the information.

| Category | Detailed description |
|---|---|
| Service | Service name |
| Resource Type | Resource Type |
| SRN | Unique resource ID in Samsung Cloud Platform |
| Resource Name | Resource Name |
| Resource ID | Unique resource ID in the service |
| Creator | User who created the service |
| Creation time | Service creation time |
| Editor | User who modified the service |
| Modification Date and Time | Service Modification Date and Time |
| Secret name | Name of the created Secret |
| Secret value | Entered Secret value |
| Type | Type of the generated Secret |
| Recent search date/time | Recent search date/time of generated Secret |
| Encryption Key | Displays the KMS key name selected by the user |
| URL | Public/Private URL information display |
| Public Access Control | Display registered public access allowed IP |
| Private Access Control | Display registered private access allowed resources |
| Description | Display additional description for Secret |
Version
On the Secrets Manager List page, you can track the versions of a selected Secret using labels.
When checking the version information of Secrets Manager, refer to the definition of each item.
- Secret: Logical unit that stores sensitive (important) information
- Version: a snapshot of unique data that is newly created each time the Secret is modified (the unit that stores the actual value of the Secret)
- Label: a name tag or label attached to a specific version of a Secret (a pointer to reference a specific version)
| Category | Detailed description |
|---|---|
| Version ID | Displays the ID of the current version, previous version, and the version with a custom label (Custom Label) set |
| Label | Secret version display |
| Last Access Time | Secret’s Recent Access Time |
| Creation time | Creation time of Secret |
The constraints when using Secret’s version are as follows.
- Up to 100 versions can be stored per Secret. Regardless of whether a custom label is set, if the number of versions exceeds 100, the oldest versions will be deleted.
- For important versions with custom labels set, create a new Secret before the version is deleted due to quota exceedance, and configure the running application to reference the new Secret.
Tag
On the Secrets Manager List page, you can view the tag information of the selected resource, and you can add, modify, or delete it.
| Category | Detailed description |
|---|---|
| Tag List | Tag List |
Work History
On the Secrets Manager List page, you can view the operation history of the selected resource.
| Category | Detailed description |
|---|---|
| Work Details | Work Execution Content |
| Work date and time | Task execution date and time |
| Resource Type | Resource Type |
| Resource Name | Resource Name |
| Work result | Task execution result (success/failure) |
| Operator Information | Information of the user who performed the task |
Secrets Manager Cancel
You can cancel a Secrets Manager that is no longer in use.
To cancel Secrets Manager, follow the steps below.
- Click the All Services > Security > Secrets Manager menu. Navigate to the Service Home page of Secrets Manager.
- Click the Secrets Manager menu on the Service Home page. Go to the Secrets Manager List page.
- On the Secrets Manager List page, click the resource to view detailed information. You will be taken to the Secrets Manager Details page.
- On the Secrets Manager Details page, click the Cancel Service button. You will be taken to the Cancel Service popup.
- In the Cancel Service popup window, enter the cancellation waiting period and click the Confirm button.
  - The cancellation waiting period can be entered within the range of 7 - 30 days.
- Once termination is complete, check on the Secrets Manager List page whether the resource has been terminated.
2.1 - Secret lookup API reference
This user guide explains how to use and call the Public / Private Endpoint of Secrets Manager.
- Public Endpoint can be called in an environment where internet communication is possible.
- Private Endpoint can only be called from Samsung Cloud Platform VMs.
Pre-setup for Endpoint call
This section describes the prerequisite configuration items required when calling the Secrets Manager endpoint.
Register Security Group’s Outbound Rule
To call the endpoint, you need to register an outbound rule in the security group.
To register the Outbound Rule of the Security Group, follow the steps below.
- Click the All Services > Security > Secrets Manager menu. Navigate to the Service Home page of Secrets Manager.
- Click the Secrets Manager menu on the Service Home page. Navigate to the Secrets Manager List page.
- On the Secrets Manager List page, click the resource to view detailed information. You will be taken to the Secrets Manager Details page.
- Check the URL information on the Secrets Manager Details page.
  - You can copy the public / private URL information from the URL item.
- Use the nslookup command to check the IP to register in the Security Group.

```
nslookup <endpoint URL to call>
```

- In Security Group > Security Group List, select the Security Group of the VM for which you want to set access control. The Security Group Details page will be opened.
- In the Security Group Details > Rules tab, click the Add Rule button. When the Add Rule window appears, enter the information below to add a rule.

| Item | Detailed description |
|---|---|
| Target Input Method | Select CIDR |
| Target address | Enter the IP address retrieved by nslookup |
| Type | Select Destination Port/Type, then enter the protocol information. Among the protocols, select TCP and enter 443 in TCP destination port |
| Direction | Select Outbound rule |
| Description | Enter Secrets Manager Public / Private Endpoint call rule |

Table. Security Group rule addition input items

- Check that the rule you entered has been added to the Security Group rules list.
Register access control for Secrets Manager
You can register public/private access controls for Secrets Manager.
To configure the access control items of Secrets Manager, follow the steps below.
- Click the All Services > Security > Secrets Manager menu. Go to the Service Home page of Secrets Manager.
- On the Service Home page, click the Secrets Manager menu. Navigate to the Secrets Manager List page.
- On the Secrets Manager List page, click the resource to view detailed information. You will be taken to the Secrets Manager Details page.
- On the Secrets Manager Details page, click the edit icon of Public Access Control to add an allowed IP for Public Endpoint access.
- In the Public Access Control Edit popup window, enter the IP and click the Add button. When the addition is complete, click the Confirm button.
  - For security, adding a single IP is recommended, and up to 10 can be registered.
  - 0.0.0.0/24 - 0.0.0.0/32 can be registered, but be careful as it may be insecure.
- On the Secrets Manager Details page, click the edit icon of Private Access Control to add a VM that allows Private Endpoint access.
- In the Private Access Control Edit popup window, select the resources to allow access and click the Add button. When the addition is complete, click the Confirm button.
  - If Private Access Control is not set to use, all subnet resources in the same region are allowed access.
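
The limits and warnings the guide gives for Public Access Control (up to 10 entries, a single IP recommended, 0.0.0.0-based ranges discouraged) can be checked before a list is entered in the console. This is an added example, not part of the original guide; the function name and finding labels are hypothetical.

```python
import ipaddress

MAX_ENTRIES = 10  # the guide allows up to 10 public access IPs per Secret


def review_public_allowlist(entries):
    """Return (accepted, findings) for a proposed Public Access Control list.

    accepted: normalized CIDR strings with no finding against them.
    findings: (entry, issue) tuples a reviewer should resolve before applying.
    """
    accepted, findings, seen = [], [], set()
    if len(entries) > MAX_ENTRIES:
        findings.append(("*", f"too-many: {len(entries)} > {MAX_ENTRIES}"))
    for raw in entries:
        try:
            # strict=False normalizes host bits, e.g. 203.0.113.7/24 -> 203.0.113.0/24
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append((raw, "invalid: not an IP address or CIDR"))
            continue
        if net in seen:
            findings.append((raw, f"duplicate: same as {net}"))
            continue
        seen.add(net)
        if net.network_address.is_unspecified:
            # 0.0.0.0/24 - 0.0.0.0/32: registrable, but the guide warns against it
            findings.append((raw, "zero-network: 0.0.0.0-based entry"))
        elif net.num_addresses > 1:
            findings.append((raw, f"range: {net.num_addresses} addresses, "
                                  "single IP recommended"))
        else:
            accepted.append(str(net))
    return accepted, findings


# Constructed sample list (documentation address ranges, not real hosts).
SAMPLE = ["203.0.113.7", "198.51.100.0/24", "0.0.0.0/24",
          "203.0.113.7/32", "10.0.0.300"]

if __name__ == "__main__":
    ok, issues = review_public_allowlist(SAMPLE)
    print("accepted:", ok)
    for entry, issue in issues:
        print(f"review {entry}: {issue}")
```
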
Secrets Manager API Call
This section explains how to call the Secrets Manager API.
Check Secrets Manager URL information
On the All Services > Security > Secrets Manager > Secrets Manager Details page, check the URL information.
- You can copy the public / private URL information from the URL item.
Secrets Manager Lookup API
GET /v1/secret
## Description
Secret value lookup
## Parameters

| Type | Name | Description | Schema |
|---|---|---|---|
| query | secretId (required) | Secret ID (Example: b3ed8b7637574255b83c274a6ed79426) | string |

Table. API Call Parameters Item
## Responses

| Http Code | Description | Schema |
|---|---|---|
| 200 | OK | None |
| 400 | Bad Request | None |
| 401 | Unauthorized | None |
| 403 | IP Not Allowed | None |
| 404 | Not Found | None |

Table. API call Responses items
## Example HTTP request
### Request path
```
/v1/secret?secretId={secretId}
```
### Request header
```
"Accesskey = 2sd2gg=2agbdSD26svcD", "SecretKey = fsfsdf235f9U35sdgf35Xsf/qgsdgsdg326=sfsdr23rsef="
```
## Example HTTP response
### Response 200
```json
{
  "status": "success",
  "data": { "key": "value" },
  "timestamp": "2026-01-20T09:21:18.92730172"
}
```
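
A small client for the lookup call above, written as an added example; it is not part of the original guide and not Samsung Cloud Platform's own code. It assumes the Accesskey and SecretKey values travel as HTTP headers named as in the example request header, and that `base_url` is the value copied from the URL item on the Details page.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Operator hints for the response codes documented on this page.
ERRORS = {
    400: "Bad Request: check the secretId query parameter",
    401: "Unauthorized: check the Accesskey/SecretKey headers",
    403: "IP Not Allowed: caller missing from Public/Private Access Control",
    404: "Not Found: no Secret with this secretId at this endpoint",
}


class SecretLookupError(Exception):
    """Raised for any non-success lookup; never carries the Secret value."""


def build_request(base_url, secret_id, access_key, secret_key):
    """Build GET /v1/secret?secretId=... with the credentials as headers."""
    query = urllib.parse.urlencode({"secretId": secret_id})  # escapes the ID
    req = urllib.request.Request(f"{base_url}/v1/secret?{query}", method="GET")
    # Assumption: one HTTP header per credential, named as in the page's example.
    req.add_header("Accesskey", access_key)
    req.add_header("SecretKey", secret_key)
    return req


def parse_response(status, body):
    """Return the Secret's Key/Value dict, or raise without echoing the body."""
    if status != 200:
        raise SecretLookupError(ERRORS.get(status, f"unexpected HTTP {status}"))
    try:
        doc = json.loads(body)
    except ValueError:
        raise SecretLookupError("200 response is not JSON") from None
    if not isinstance(doc, dict) or doc.get("status") != "success" \
            or not isinstance(doc.get("data"), dict):
        raise SecretLookupError("200 response lacks status=success and data")
    return doc["data"]


def get_secret(base_url, secret_id, access_key, secret_key, timeout=10):
    """Call the endpoint and map HTTP failures to SecretLookupError."""
    req = build_request(base_url, secret_id, access_key, secret_key)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        raise SecretLookupError(ERRORS.get(err.code, f"unexpected HTTP {err.code}")) from None

# Constructed sample: the page's example 200 body with its quoting repaired.
SAMPLE_200 = b'{"status": "success", "data": {"key": "value"}, "timestamp": "2026-01-20T09:21:18.92730172"}'
```

Load the access key and secret key from the environment or the VM's runtime configuration when calling `get_secret`, so that the credentials which unlock the Secret are not hardcoded either.
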
3 - Release Note
Secrets Manager
- Provides a Private Endpoint through which a Secret can be called from VM resources in Samsung Cloud Platform.
- You can select VM resources within Samsung Cloud Platform and set access control for the Secret that stores security information.
- We have launched a service that encrypts customers’ sensitive information in the form of a Secret (security information) and stores and manages it safely.
- You can remove hardcoding of security information from application source code and call securely stored Secrets to retrieve them.
