Overview

    Service Overview

    Secrets Manager is a service that encrypts customers’ sensitive information as Secrets (secure data) and stores and manages it safely. It lets you remove hard-coded sensitive information from application source code and instead retrieve it by calling Secrets that are stored securely in Key-Value format. Each Secret is encrypted with a user-managed key, in conjunction with the Key Management Service, and stored securely.

    Service Architecture Diagram

    Figure. Secrets Manager diagram

    Provided features

    Secrets Manager provides the following features.

    • Secret creation/deletion: Secrets Manager can create, delete, and manage Secrets.
      • The user stores security (sensitive) information in key/value format in the generated Secret.
    • Secret lookup: You can retrieve Secret values based on custom policies and permission settings.
    • Label-based version control: When a Secret is modified, you can set a label on the resulting version (a snapshot of the uniquely generated data), which lets you manage Secrets more efficiently.

    Component

    Secret

    A Secret is the logical unit that stores sensitive (critical) information. Its security information values are held in Key/Value format and encrypted with a KMS key.

    • A Secret is an object created when you create the Secrets Manager service in the Samsung Cloud Platform Console.

    Version

    It is a snapshot of unique data that is newly created each time a Secret is modified (the unit that stores the actual value of the Secret).

    Label

    It is a label or tag attached to a specific version of a Secret (a pointer for referencing a specific version).
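
    The Secret / Version / Label relationship described above, as a conceptual model. This is an added example, not Samsung Cloud Platform code or its API: the class and method names are hypothetical, and it assumes that a label points to exactly one version and that exceeding a quota is rejected. The two limits come from the constraints table on this page; encryption with the KMS key is omitted.

```python
from dataclasses import dataclass, field

MAX_VERSIONS = 100  # "Versions per Secret" quota from the constraints table
MAX_LABELS = 20     # "Attached Labels for Secret" quota (across all versions)


class QuotaExceeded(Exception):
    """Raised when a quota would be exceeded (rejection is an assumption)."""


@dataclass
class Secret:
    """Hypothetical in-memory model of one Secret; not the service's API."""
    name: str
    versions: list = field(default_factory=list)  # index + 1 == version number
    labels: dict = field(default_factory=dict)    # label -> version number

    def put_value(self, kv: dict) -> int:
        """Modifying the Secret creates a new snapshot (a Version)."""
        if len(self.versions) >= MAX_VERSIONS:
            raise QuotaExceeded("versions per Secret")
        self.versions.append(dict(kv))  # copy: later edits cannot alter the snapshot
        return len(self.versions)

    def set_label(self, label: str, version: int) -> None:
        """Attach a label to a version; re-using a label moves the pointer."""
        if not 1 <= version <= len(self.versions):
            raise KeyError(f"no version {version}")
        if label not in self.labels and len(self.labels) >= MAX_LABELS:
            raise QuotaExceeded("labels per Secret")
        self.labels[label] = version

    def get_value(self, label: str) -> dict:
        """Resolve label -> version -> key/value data, as a consumer would."""
        return dict(self.versions[self.labels[label] - 1])


def demo() -> tuple:
    s = Secret("db-credentials")  # constructed sample data throughout
    v1 = s.put_value({"user": "app", "password": "old-example"})
    s.set_label("prod", v1)
    v2 = s.put_value({"user": "app", "password": "new-example"})
    s.set_label("staging", v2)    # the new value is visible under its own label
    before = s.get_value("prod")["password"]  # "prod" still resolves to version 1
    s.set_label("prod", v2)       # moving the pointer switches what "prod" returns
    return before, s.get_value("prod")["password"], s.labels
```

    A consumer that reads by label keeps receiving the same version until the label is moved, so modifying a Secret does not by itself change what that consumer sees.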

    Constraints

    The limitations of the Secrets Manager service are as follows. Before use, be sure to review the following constraints and incorporate them into your service usage plan.

    Reference
    • Secrets Manager is a regional service, and a created secret can be used only within that region.
    • When rotating a customer-managed key, the key version is changed internally.
      • By using the newly generated version of the key, you can decrypt data that was encrypted with the previous version of the key (compatibility is maintained).
      • Key versions created through rotation remain compatible up to the 100th version, regardless of the encryption algorithm.
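    | Item                       | Detailed description                                | Quota   |
    |----------------------------|-----------------------------------------------------|---------|
    | Secret Value Size          | Size of the encrypted Secret value                  | 65,536  |
    | Secrets                    | Number of Secrets per region in an account          | 500,000 |
    | Attached Labels for Secret | Number of Labels attached to all versions of Secret | 20      |
    | Versions per Secret        | Number of versions of Secret                        | 100     |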
    Table. Secrets Manager constraints

    Prerequisite Services

    Secrets Manager has no prerequisite services.