
Overview

Service Overview

Secrets Manager is a service that encrypts customers' sensitive information as Secrets (secure data) and stores and manages it safely. You can remove hard-coded sensitive information from application source code and instead retrieve it by calling Secrets that are stored securely in key-value format. A Secret is encrypted with a user-managed key in conjunction with the Key Management Service and stored securely.

Service Architecture Diagram

Figure. Secrets Manager diagram

Provided features

Secrets Manager provides the following features.

  • Secret creation/deletion: Secrets Manager can create, delete, and manage Secrets.
    • The user stores security (sensitive) information in key/value format in the generated Secret.
  • Secret lookup: You can retrieve Secret values based on custom policies and permission settings.
  • Label-based version control: When a Secret is modified, a new version (a unique snapshot of the data) is generated. You can set a label on a version, allowing you to manage Secrets more efficiently.

Components

Secret

A Secret stores sensitive (critical) information as a logical unit, encrypting security information values in key/value format with a KMS key.

  • A Secret is the object created when you create a Secrets Manager service in the Samsung Cloud Platform Console.

Version

A Version is a snapshot of unique data that is newly created each time a Secret is modified (the unit that stores the actual value of the Secret).

Label

A Label is a tag attached to a specific version of a Secret (a pointer for referencing a specific version).

Constraints

The limitations of the Secrets Manager service are as follows. Before use, be sure to review the following constraints and incorporate them into your service usage plan.

Reference
  • Secrets Manager is a regional service, and a created secret can be used only within that region.
  • When rotating a customer-managed key, the key version is changed internally.
    • By using the newly generated version of the key, you can decrypt data that was encrypted with the previous version of the key (compatibility is maintained).
    • Versions created through key rotation are compatible up to the 100th version, regardless of the encryption algorithm.
| Item | Detailed description | Quota |
|---|---|---|
| Secret Value Size | Size of the encrypted Secret value | 65,536 |
| Secrets | Number of Secrets per region in an account | 500,000 |
| Attached Labels for Secret | Number of Labels attached to all versions of Secret | 20 |
| Versions per Secret | Number of versions of Secret | 100 |
Table. Secrets Manager constraints
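
The Secret, Version, and Label relationship described under Components, combined with the version and label quotas from the table above, can be modeled as follows. This is an added conceptual example, not Secrets Manager code or its API: the class and method names are hypothetical, and it assumes that a label points at exactly one version and that exceeding a quota is rejected.

```python
# Conceptual model only: class and method names are hypothetical, not the
# Secrets Manager API. Quota numbers come from the constraints table.
MAX_VERSIONS_PER_SECRET = 100   # "Versions per Secret"
MAX_LABELS_PER_SECRET = 20      # "Attached Labels for Secret" (all versions)


class QuotaExceeded(Exception):
    pass


class SecretModel:
    def __init__(self, name):
        self.name = name
        self.versions = {}   # version id -> key/value snapshot
        self.labels = {}     # label -> version id (a pointer)
        self._next_id = 1

    def put_value(self, kv, labels=()):
        """Each modification creates a new version snapshot."""
        if len(self.versions) >= MAX_VERSIONS_PER_SECRET:
            raise QuotaExceeded("version quota reached")
        # Validate labels before storing so a rejected call changes nothing.
        new = set(labels) - set(self.labels)
        if len(self.labels) + len(new) > MAX_LABELS_PER_SECRET:
            raise QuotaExceeded("label quota reached")
        vid = self._next_id
        self._next_id += 1
        self.versions[vid] = dict(kv)
        for label in labels:
            self.labels[label] = vid
        return vid

    def set_label(self, label, vid):
        """Attach a label to a version; assumption: an existing label moves."""
        if vid not in self.versions:
            raise KeyError(vid)
        if label not in self.labels and len(self.labels) >= MAX_LABELS_PER_SECRET:
            raise QuotaExceeded("label quota reached")
        self.labels[label] = vid

    def get_value(self, label):
        """Resolve label -> version -> key/value snapshot."""
        return dict(self.versions[self.labels[label]])
```

In this model, moving a label to a newer version with `set_label` changes what readers of that label receive while the older snapshot stays stored under its own version.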

Prerequisite Services

Secrets Manager has no prerequisite services.
