Secrets Manager and KMS services released

· 5 min read
Miguel (김현덕)
Service Manager
security-release

As cloud-based services expand, operational efficiency and scalability have improved significantly, but security requirements have also become more sophisticated. In particular, sensitive information such as authentication information or credentials is essential inside systems but can lead directly to security incidents if exposed externally, and simply hiding it is no longer enough to keep it safe. It must be managed systematically, including how it is stored, who accesses it, and how it is renewed and destroyed.

The encryption keys that protect encrypted data must also be managed separately and securely. If even one key is leaked, all of the security built on it can become meaningless.

To respond to these security needs, KakaoCloud has released two new security services: Secrets Manager and KMS (Key Management Service). In this post, we introduce how these two services can securely separate and manage secrets and keys while improving both security and operational efficiency.

🔐 How to manage secrets securely: Secrets Manager

When operating a service, there is information that must be protected. Examples include database usernames and passwords, authentication keys for external APIs, and tokens used for communication between services. This information is generally called a secret, and it is a security credential required for applications to communicate safely with external or internal systems. If these secrets are exposed, they can lead to serious security incidents such as unauthorized access or data theft.

KakaoCloud Secrets Manager is a service that stores secrets in encrypted form and lets users retrieve them safely only when needed. Traditional methods, such as hardcoding secrets in code or setting them as environment variables on operating servers, are weak from a security standpoint and make it difficult to track change history.

With Secrets Manager, however, secrets can be managed centrally in an integrated repository, and a version is automatically created every time a change is made, allowing change history to be tracked systematically. For example, even if an incorrect value is saved by mistake, it can be rolled back easily to a previous version. If needed, only a specific version can be deactivated or destroyed. Currently active secrets remain in the Active state, and availability is clearly distinguished by status.

In addition, integration with IAM allows secret access permissions to be controlled granularly by user or service account. For example:

  • Secrets Manager Project Manager can perform all management tasks such as creating, modifying, and deleting secrets.
  • Secrets Manager Project Viewer can be configured to only view secret lists, versions, and status.

In this way, permission separation enables safer and more flexible secret operations.

🔑 How to encrypt data and handle keys securely: KMS

As important as data encryption is how securely the "keys" that decrypt that data are managed. Databases containing customer information, sensitive logs, and files in cloud storage must all be protected through encryption, and the creation and operation of encryption keys for this purpose must be carried out systematically.

KakaoCloud KMS (Key Management Service) is a service that helps users create, securely store, rotate, and destroy encryption keys used to encrypt data or create digital signatures.

Keys created in KMS can be configured to undergo periodic automatic rotation, and can be immediately deactivated or destroyed when a security event occurs. One key is managed in multiple versions, and even when a new version is created, previous versions are retained so that past data can still be decrypted without issue.

KMS supports industry-standard algorithms such as AES and RSA, and keys can be clearly distinguished as available or unavailable based on their Active, Deactivated, or Destroyed status. It also integrates with KakaoCloud IAM so that access to keys can be controlled granularly by user or service account. Depending on the assigned role:

  • KMS Project Manager has full management permissions, including key creation, status changes, and policy configuration.
  • KMS Project Viewer has permission to view key metadata and status information.

Because permissions can be separated and configured based on roles, both operational stability and security control can be achieved. In addition, the history of key creation, usage, and destruction is automatically recorded through Cloud Trail, which makes it useful for security audits and compliance response.
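The version behaviour described above (rotation keeps older versions usable, and only Active versions can be used), modelled locally as an added example; it is not KakaoCloud code and does not call its API. `VersionedKey` and its methods are hypothetical, HMAC-SHA256 from the Python standard library stands in for the KMS cryptographic operation, and treating destruction as irreversible is an assumption of this model.

```python
import hashlib
import hmac
import secrets

ACTIVE, DEACTIVATED, DESTROYED = "Active", "Deactivated", "Destroyed"  # states named on the page


class VersionedKey:  # local model of one key's versions, not a KakaoCloud API
    def __init__(self):
        self.versions, self.primary = {}, 0  # version -> {"state", "material"}
        self.rotate()

    def rotate(self):
        self.primary += 1  # new version becomes primary; older versions are retained
        self.versions[self.primary] = {"state": ACTIVE, "material": secrets.token_bytes(32)}
        return self.primary

    def set_state(self, version, state):
        entry = self.versions[version]
        if entry["state"] == DESTROYED:  # model assumption: destruction is final
            raise ValueError("a destroyed version cannot be restored")
        entry["state"] = state
        if state == DESTROYED:
            entry["material"] = None  # anything tagged with it can no longer be checked

    def _tag(self, version, message):
        entry = self.versions.get(version)
        if entry is None or entry["state"] != ACTIVE:
            raise PermissionError(f"key version {version} is not Active")
        return hmac.new(entry["material"], message, hashlib.sha256).digest()

    def sign(self, message):
        return self.primary, self._tag(self.primary, message)  # version id travels with the tag

    def verify(self, message, version, tag):
        return hmac.compare_digest(self._tag(version, message), tag)


def demo():
    key, msg = VersionedKey(), b"constructed sample record"
    v1, old_tag = key.sign(msg)                 # tagged under version 1
    v2 = key.rotate()                           # version 2 is now primary
    still_valid = key.verify(msg, v1, old_tag)  # retained version 1 still verifies
    key.set_state(v1, DEACTIVATED)
    try:
        key.verify(msg, v1, old_tag)
    except PermissionError:
        return v1, v2, still_valid, "blocked"
    return v1, v2, still_valid, "allowed"
```

In this model, anything still tagged under an old version has to be re-tagged under the primary version before that old version is destroyed, because the material is erased at that point.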

✅ Raise your security level

Secrets Manager and KMS are newly added services in the existing Security category. They provide a security system that centrally manages secrets and encryption keys and implements more precise permission control through integration with IAM.

Protect sensitive information and build a key management system with just a few clicks in the KakaoCloud console. KakaoCloud will continue strengthening features in line with customer security requirements and providing an integrated security operations environment through integration with various services.

For detailed descriptions and API guides for Secrets Manager and KMS, see the technical documentation below. Thank you.

👉 View Secrets Manager documentation 👉 View KMS documentation