Create and manage secrets

Create secret

A secret is the basic resource unit in Secrets Manager. To create a secret:

1. Go to KakaoCloud Console > Security > Secrets Manager.
2. In the Secrets menu, click [Create secret] at the top right.
3. Enter basic information such as name and description.
4. Select the KMS key to use. You can choose either a customer key or a service key.
   • User keys can be selected from symmetric encryption/decryption keys in Active state that you created in KMS.
   • If no customer key exists, first create a key in KMS. Then return to the secret creation page and refresh the list to specify the new key.
   • Service keys are KMS keys managed by the service.
5. Enter the secret value in key–value format, or switch to text input.
   • Data entered in key–value format is automatically converted to JSON when switched to text input.
   • When entering in text input, use valid JSON format; converting back will automatically transform it to key–value format.
6. Click [Create] to complete secret creation.

View secrets

1. Go to KakaoCloud Console > Security > Secrets Manager.

2. Select the Secrets menu to view the following items:

   Item	Description
   Name	A user-defined name to easily identify the secret
   ID	A unique value assigned by the system to identify each secret; used when calling APIs
   Description	Additional notes freely entered by the user about the secret’s purpose or characteristics
   Status	The current availability of the secret. Displayed as Active or Deactivated
   Default version	The version currently used for encryption. New data is always encrypted with this version
   KMS key name	The name of the KMS key used by the secret (user-defined for easier identification)
   KMS key ID	The unique ID of the KMS key used by the secret, assigned by the system
   Created at	The date and time when the secret was first created
   Created by	The ID of the user who created the secret

Change KMS key

When you change the KMS key applied to a secret, all new versions use the new key for encryption and decryption.
Previous versions remain encrypted with the old key, so the old KMS key must still be valid to retrieve older secret values.

1. Go to KakaoCloud Console > Security > Secrets Manager.
2. In the Secrets menu, select the secret for which you want to change the KMS key.
   • If you are on the detail page of the resource, you can perform this action from the action group menu in the header area.
3. When a valid secret is selected, the [Change KMS key] button is enabled. Click it, or choose More > Change KMS key from the secret row.
4. In the Change KMS key modal, select the new KMS key and click [Change].
   • As in secret creation, you can select either a customer key or a service key.

Delete secret

You can delete a secret only if all of its versions have been destroyed.

1. Go to KakaoCloud Console > Security > Secrets Manager.
2. In the Secrets menu, select the secret to delete.
   • Only secrets in Deactivated state with no default version value can be deleted.
3. When a deletable secret is selected, the [Delete] button is enabled. Click it, or choose More > Delete from the secret row.
   • If you are on the detail page of the resource, you can perform this action from the action group menu in the header area.
4. In the Delete Secret modal, enter the name of the secret to confirm and click [Delete].