Skip to main content

Create and manage secrets

Create secret

A secret is the basic resource unit in Secrets Manager. To create a secret:

caution
  • The KMS User role or higher is also required to use KMS keys for secret encryption.
  1. Go to the KakaoCloud Console > Security > Secrets Manager menu.
  2. Click the [Create secret] button in the top right corner of the Secrets menu.
  3. Enter basic information such as the name and description.
  4. Select the KMS key to use. You can choose between a user key or a service key.
    • User key: You can select a symmetric encryption/decryption key in an operational state from the keys you have directly created in KMS.
    • If you don't have a user key, create one in KMS first. Then, return to the Create secret screen and refresh the list to specify the created key. An additional KMS service role is required to create user keys.
    • Service key: A KMS key managed by the Secrets Manager service. When you encrypt a secret with a service key, the service key is created automatically. There is one service key per service.
  5. Enter the secret value using either the Key/Value or Text editor mode.
    • Key/Value mode: Suitable for easily entering and managing simple, frequently changing string values. The system automatically formats these as "Key": "Value" (even if you don't add quotes), so they appear as a JSON string in the text editor (e.g., hello → "hello").
    • If you enter a value in JSON string format (e.g., "hello") in the Text editor, it will be converted to plain text (hello) with the quotes removed when you switch back to the Key/Value tab.
    • If you enter specific JSON data types such as arrays, booleans (true/false), null, objects, or numbers in the Text editor, they will not be converted when switching to the Key/Value tab. This is because the Key/Value mode only supports the JSON string format.
    • Complex JSON structures like arrays or objects can only be entered in the Text editor.
    • You can enter secret values in the same way on the Create version screen.
  6. Click the [Create] button to complete the secret creation.

View secrets

  1. Go to KakaoCloud Console > Security > Secrets Manager.

  2. Select the Secrets menu to view the following items:

    ItemDescription
    NameA user-defined name to easily identify the secret
    IDA unique value assigned by the system to identify each secret; used when calling APIs
    DescriptionAdditional notes freely entered by the user about the secret’s purpose or characteristics
    Access controlIndicates whether access control is enabled
    StatusThe current availability of the secret. Displayed as Active or Deactivated
    Default versionThe version currently used for encryption. New data is always encrypted with this version
    KMS key nameThe name of the KMS key used by the secret (user-defined for easier identification)
    KMS key IDThe unique ID of the KMS key used by the secret, assigned by the system
    Created atThe date and time when the secret was first created
    Created byThe ID of the user who created the secret

  3. For access-controlled resources that you do not have permission to access, only the name, description, access control setting, creation time, creator information, and partial ID value are displayed.

KMS key information

You can view information about the KMS key applied to the selected secret. When creating a secret version, the secret is encrypted with this key.

caution
  • The KMS Viewer role or higher is also required to view KMS key information.
  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets list, click the name of the secret whose KMS key information you want to view.
  3. On the detail page, click the Details tab.
  4. In the KMS key item in the details area, click the [KMS key information] icon button.
  5. In the KMS key information modal, view the KMS key information applied to the secret.

Change KMS key

When you change the KMS key applied to a secret, all new versions use the new key for encryption and decryption.
Previous versions remain encrypted with the old key, so the old KMS key must still be valid to retrieve older secret values.

caution
  • The KMS User role or higher is also required to change KMS keys.
  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets list, click the name of the secret whose KMS key you want to change.
  3. On the detail page, click the Details tab.
  4. Click [Change KMS key] on the right side of the details title.
  5. In the Change KMS key modal, select the KMS key to change to and click [Change].
    • As in secret creation, you can select either a user key or a service key.
    • New versions created after the change are encrypted with this key.

Delete secret

You can delete a secret only if all of its versions have been destroyed.

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets menu, select the secret to delete.
    • Only secrets in Deactivated state with no default version value can be deleted.
  3. When a deletable secret is selected, the [Delete] button is enabled. Click it, or choose More > Delete from the secret row.
    • If you are on the detail page of the resource, you can perform this action from the action group menu in the header area.
  4. In the Delete secret modal, enter the name of the secret to confirm and click [Delete].