Skip to main content

Version management

This feature allows you to systematically manage the history of multiple versions created whenever a secret value changes. You can track change history for auditing purposes or check values used at a specific point in time.
A newly created version is automatically set as the default version of the secret. Therefore, when an application requests a secret value without specifying a version, the default version is always returned.

View versions

  1. Go to KakaoCloud Console > Security > Secrets Manager.

  2. In the Secrets menu, click the name of the secret whose versions you want to view.

  3. On the secret detail page, click the Versions tab to view the following items:

    ItemDescription
    VersionAn object that stores the actual value of the secret at a specific point in time. A new version is generated each time the secret value is updated. This allows you to track change history or reuse values from a specific version when creating a new one.
    StatusIndicates the current availability of the secret version. Displayed as Active, Deactivated, or Destroyed.
    KMS key nameThe name of the KMS key used by the secret version. User-defined for easier identification.
    KMS key IDThe unique ID of the KMS key used by the secret version, assigned by the system.
    Created atThe date and time when the secret version was first created.

Create version

You can create a version of the selected secret. You can create a version by entering a new secret value or by using the value of an existing version.

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets list, click the name of the secret for which you want to create a version.
  3. On the detail page, click the Versions tab.
  4. Click [Create version] on the right side of the versions title.
  5. In the Create version modal, create a version by using an existing version's secret value or by entering a new secret value.
    • If you select an existing version, you can use that version's secret value.
  6. Enter the secret value and click [Create].
    • The new version is encrypted with the KMS key connected to the secret.
    • The new version becomes the default version.

Change version state

You can change the state of a secret version to control its usage. For example, you can temporarily deactivate a version or destroy versions that are no longer needed.

Active

A secret version in Deactivated state can be changed to Active.

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets menu, click the name of the secret whose version state you want to change.
  3. On the detail page, click the Versions tab.
  4. Select the version whose state you want to change and click [Activate] in the action bar, or choose More > Activate from the version row.
    • Changing to Active does not support bulk actions.
    • A deactivated version scheduled for destruction cannot be changed to Active. Cancel the destruction schedule and try again.
  5. In the Activate modal, click [Activate].

Deactivated

A secret version in Active state can be changed to Deactivated. A deactivated secret version can be restored to Active.

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets menu, click the name of the secret whose version state you want to change.
  3. On the detail page, click the Versions tab.
  4. Select the version whose state you want to change and click [Deactivate] in the action bar, or choose More > Deactivate from the version row.
    • Bulk actions are supported when all selected versions are in the same state.
    • A deactivated version scheduled for destruction cannot be included in bulk actions. Cancel the destruction schedule and try again.
  5. In the Deactivate modal, click [Deactivate].

Destroy

Versions that are no longer needed and must be permanently removed can be destroyed.
To provide flexibility, Secrets Manager offers both scheduled destruction with a grace period and immediate destruction for urgent cases.

caution
  • Once a version is destroyed, it cannot be recovered by any means. Its value cannot be retrieved or used for decryption.
  • Before destroying a version, make sure no important data is encrypted with it.

Destroy immediately

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets menu, click the name of the secret whose version state you want to change.
  3. On the detail page, click the Versions tab.
  4. Select the version whose state you want to change and click [Destroy immediately] in the action bar, or choose More > Destroy immediately from the version row.
    • Bulk actions can be performed only when all selected versions are in the same state, such as all Active or all Deactivated.
    • A deactivated version scheduled for destruction cannot be destroyed immediately. Cancel the destruction schedule and try again.
  5. In the Destroy immediately modal, click [Destroy immediately].

Schedule destruction

You can set a grace period of 7 to 30 days to prevent accidental data loss and provide an opportunity for recovery.

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets menu, click the name of the secret whose version state you want to change.
  3. On the detail page, click the Versions tab.
  4. Select the version whose state you want to change and click [Schedule destruction] in the action bar, or choose More > Schedule destruction from the version row.
    • Bulk actions can be performed only when all selected versions are in the same state, such as all Active or all Deactivated.
    • Bulk actions cannot be performed when only versions scheduled for destruction are selected.
  5. In the Schedule destruction modal, click [Schedule destruction].
    • Active versions are changed to Deactivated, and are automatically destroyed when the configured grace period arrives.

Cancel scheduled destruction

You can cancel a scheduled destruction if the grace period has not ended.

  1. Go to KakaoCloud Console > Security > Secrets Manager.
  2. In the Secrets menu, click the name of the secret whose version state you want to change.
  3. On the detail page, click the Versions tab.
  4. Select the version whose state you want to change and click [Cancel scheduled destruction] in the action bar, or choose More > Cancel scheduled destruction from the version row.
    • Bulk actions are supported when all selected versions are scheduled for destruction.
  5. In the Cancel scheduled destruction modal, click [Cancel scheduled destruction].