Skip to main content

Configure access control

To strengthen security, you can use per-secret access control to manage who can access each secret.
Selectable subjects are users, groups, service accounts, and service agent accounts in the same project, and actual permissions follow their IAM roles.

Enable access control

If access control is not enabled, you can change it to Enable access control.

caution
  • The IAM Project Viewer role or higher is also required to view IAM resources in the project.
  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets list, click the name of the secret for which you want to enable access control.
  3. On the detail page, click the Access control tab.
  4. Click [Enable access control] on the right side of the Access control title.
  5. When you enable access control, you can add allowed subjects. To add subjects, you need permission to view IAM resources in the project.
    • If you are the owner, you can choose to allow only the owner.
    • If the owner loses service access permissions and there is no longer any subject that can manage the secret, request an owner change through Help Desk. The changed owner must have the IAM roles required to manage access control.
    • If you enable access control without adding your own account other than the owner, you will also lose access to the secret, so make sure to verify before proceeding.
    • Individual users who belong only to groups are excluded from subject search.
    • The owner is not displayed in the subject list.
  6. In the Enable access control modal, click [Use].
  7. Even if a subject has service access permissions, it cannot access the secret unless it is included in allowed subjects.
    • For access requests, contact the owner or a subject with permission to manage allowed subjects.

Disable access control

If access control is enabled, you can change it to Disable access control.

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets list, click the name of the secret for which you want to disable access control.
  3. On the detail page, click the Access control tab.
  4. Click [Disable access control] on the right side of the Access control title.
  5. In the Disable access control modal, click [Disable].
    • The allowed subject list is reset. If you enable access control again, you must configure the allowed subject list again.
  6. Subjects with service access permissions can access the secret.