
Create and manage user keys

Create user keys

User keys are encryption keys that users create and manage themselves. To create a customer key in KMS, follow these steps:

  1. Go to KakaoCloud Console > Security > KMS.
  2. In the User keys menu, click [Create user key] in the upper right corner.
  3. Enter the basic information such as name and description. To create the key in the Pre-activation state, select that option. In this case, no version is generated.
  4. Enter configuration information such as type, usage, and algorithm.
  5. You can enable automatic rotation. If enabled, a new version is generated automatically based on the configured rotation cycle.
  6. You can enable access control to strengthen security. To add allowed subjects, an IAM service role is required. For more information about access control, see Configure access control.
  7. Click [Create] to complete key creation.

View user keys

  1. Go to KakaoCloud Console > Security > KMS.

  2. Select the User keys menu to view the following items:

    | Item | Description |
    |---|---|
    | Name | A name assigned by the user to easily identify the key. |
    | ID | A unique value assigned by the system to identify each key. This ID is used when making API calls. |
    | Description | Additional notes provided by the user, such as the purpose or characteristics of the key. |
    | Access control | Indicates whether access control is enabled. |
    | Status | Indicates whether the key is currently available. Displayed as 'Pre-activation', 'Active', or 'Deactivated'. |
    | Type | Type of encryption. Symmetric keys perform both encryption and decryption with the same key, while asymmetric keys use a public-private key pair. |
    | Usage | The purpose of the key, such as 'Encryption and decryption' or 'Signing and verification'. |
    | Algorithm | The encryption algorithm used by the key (e.g., AES-256, RSA-2048). |
    | Default version | The version number of the key currently used for default encryption. New data is always encrypted with this version. |
    | Automatic rotation | Indicates whether automatic rotation is enabled. If enabled, the configured rotation cycle is displayed; if disabled, it shows 'Not in use'. |
    | Last rotation time | The date and time when the key was last rotated and a new version was generated. |
    | Next rotation time | The scheduled date and time of the next automatic rotation. |
    | Created at | The date and time when the customer key was first created. |
    | Created by | The ID of the user who created the customer key. |
  3. For access-controlled resources that you do not have permission to access, only the name, description, access control setting, creation time, creator information, and partial ID value are displayed.
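
The columns listed above are enough to review a key inventory for weak settings. The following is an added example, not KakaoCloud code: it audits a constructed list of key records for disabled access control, disabled or overly long rotation, overdue rotation, and stale versions. The record layout, field names, finding codes, and the 365-day policy threshold are assumptions; no KMS API is called.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory. Field names are hypothetical and mirror the console
# columns above; this is not a KakaoCloud export format or API response.
SAMPLE_KEYS = [
    {"name": "orders-db", "status": "Active", "access_control": True,
     "rotation_days": 90, "last_rotation": "2025-01-10T00:00:00+00:00"},
    {"name": "legacy-batch", "status": "Active", "access_control": False,
     "rotation_days": None, "last_rotation": "2023-03-01T00:00:00+00:00"},
    {"name": "signing-ci", "status": "Active", "access_control": True,
     "rotation_days": 730, "last_rotation": "2024-12-01T00:00:00+00:00"},
    {"name": "draft-key", "status": "Pre-activation", "access_control": False,
     "rotation_days": None, "last_rotation": None},
    {"name": "old-archive", "status": "Deactivated", "access_control": True,
     "rotation_days": None, "last_rotation": "2022-06-01T00:00:00+00:00"},
]

MAX_ROTATION_DAYS = 365  # assumed local policy; same length as the service-key cycle


def audit_key(key, now, max_days=MAX_ROTATION_DAYS):
    """Return finding codes for one key record."""
    if key["status"] == "Deactivated":
        return []  # not in use; skipped in this audit
    findings = [] if key["access_control"] else ["ACCESS_CONTROL_OFF"]
    if key["status"] != "Active":
        return findings  # Pre-activation keys have no version to rotate
    cycle = key["rotation_days"]  # None models 'Not in use'
    last = datetime.fromisoformat(key["last_rotation"])
    if cycle is None:
        findings.append("ROTATION_OFF")
    elif cycle > max_days:
        findings.append("CYCLE_TOO_LONG")
    elif last + timedelta(days=cycle) < now:
        findings.append("ROTATION_OVERDUE")  # scheduled rotation did not happen
    if now - last > timedelta(days=max_days):
        findings.append("STALE_VERSION")  # default version older than policy
    return findings


def audit_inventory(keys, now):
    """Map key name -> findings, omitting keys with none."""
    return {k["name"]: f for k in keys if (f := audit_key(k, now))}


if __name__ == "__main__":
    fixed_now = datetime(2025, 3, 1, tzinfo=timezone.utc)
    for name, findings in audit_inventory(SAMPLE_KEYS, fixed_now).items():
        print(f"{name}: {', '.join(findings)}")
```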

Public key information

For asymmetric user keys, you can view the public key information.

  1. Go to KakaoCloud Console > Security > KMS.
  2. In the User keys menu, select an asymmetric key whose public key you want to view.
  3. When you select a viewable key, the [Public key info] button in the upper right corner becomes available. Click [Public key info] or choose More > Public key info from the customer key row.
    • If you are on the resource’s details page, you can also access it from the action group menu in the header area.

Delete user keys

You can delete a customer key if its status is Pre-activation or if all of its versions are in a destroyed state. Refer to version management for details on destruction.

  1. Go to KakaoCloud Console > Security > KMS.
  2. In the User keys menu, find the key you want to delete.
  3. When you select a deletable key, the [Delete] button in the upper right corner becomes available. Click [Delete] or choose More > Delete from the customer key row.
    • A deletable key is in Deactivated state and has no default version assigned, confirming that it can be removed.
    • If you are on the resource’s details page, you can also perform this action from the action group menu in the header area.
  4. In the Delete customer key modal, enter the name of the key to be deleted and click [Delete].
    • Deleted user keys cannot be recovered.

View service keys

Service keys are AES256-GCM96 symmetric encryption keys managed by KakaoCloud services. They are created automatically when a service performs encryption using a service key.

  1. Go to KakaoCloud Console > Security > KMS.

  2. Select the Service keys menu to view the following items:

    | Item | Description |
    |---|---|
    | Service | The name of the cloud service that creates and uses the service key (for example, Secrets Manager). |
    | Name | A name automatically assigned by the system to identify the key. To distinguish it from user keys, it starts with an uppercase letter, and spaces are replaced with hyphens (-). For example, Secrets-manager. |
    | Status | Indicates whether the key is currently available. Displayed as Pre-activation, Active, or Deactivated. |
    | Default version | The version number currently used by default for encryption. New data is always encrypted with this version. |
    | Automatic rotation | Indicates whether automatic rotation is enabled. If enabled, the configured cycle is shown; if disabled, it displays Not in use. Service keys are automatically rotated every 365 days. |
    | Last rotation time | Date and time when the last key rotation occurred and a new version was generated. |
    | Next rotation time | Date and time of the next scheduled automatic rotation. |
    | Created at | Date and time when the service key was first created. |