Key Concepts
This section describes the core components and policies that make up the KakaoCloud Secrets Manager service. Understanding these concepts will help you use Secrets Manager more effectively.
Secret
The most basic resource unit stored and managed in the Secrets Manager service. A secret acts as a container for sensitive information such as database credentials, API keys, or plain text. It consists of a unique name (ARN), metadata, and multiple versions of values.
Secret version
A unique data unit created each time the value of a secret is updated. Every version has a unique ID, and Secrets Manager designates the latest version as the default version to be used as the currently active value.
Secret state
A secret can have multiple versions, and each version has its own state. Whether a secret is actually usable depends on the states of its versions.
State | Description |
---|---|
Active | The version is active and is the only state in which encryption and decryption can be performed. New versions are created in the active state and set as the default version. |
Deactivated | The version is deactivated, temporarily suspending its use. Use this state when suspicious activity is detected or when applications must be temporarily suspended. If all versions are deactivated or destroyed, the secret is automatically deactivated. Deactivated is not permanent and can be switched back to active at any time. |
Destroyed | The version is permanently deleted and cannot be recovered. Once all versions of a secret are destroyed, the secret itself can be permanently deleted. |
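The state rules in the table can be checked with a small local model. This is an added example, not KakaoCloud code and not the service API: the class, method names and version IDs are hypothetical, and it assumes a version can be destroyed from either the active or the deactivated state.

```python
from enum import Enum

class State(Enum):
    ACTIVE = "Active"
    DEACTIVATED = "Deactivated"
    DESTROYED = "Destroyed"

class SecretModel:
    """Local model of the version states in the table above (not the service API)."""

    def __init__(self):
        self.versions = {}      # version ID -> State, in creation order
        self.default = None     # the latest version is the default version

    def add_version(self, version_id):
        # New versions are created in the active state and set as the default.
        self.versions[version_id] = State.ACTIVE
        self.default = version_id

    def set_state(self, version_id, new_state):
        if self.versions[version_id] is State.DESTROYED:
            # Destroyed is permanent and cannot be recovered.
            raise ValueError(f"{version_id} is destroyed and cannot change state")
        # Assumption: destroying is allowed from both Active and Deactivated.
        self.versions[version_id] = new_state

    def can_decrypt(self, version_id):
        # Active is the only state in which encryption/decryption is possible.
        return self.versions[version_id] is State.ACTIVE

    def secret_deactivated(self):
        # Automatically deactivated when every version is deactivated or destroyed.
        return bool(self.versions) and all(
            s is not State.ACTIVE for s in self.versions.values())

    def can_delete_secret(self):
        # The secret can be permanently deleted once all versions are destroyed.
        return bool(self.versions) and all(
            s is State.DESTROYED for s in self.versions.values())

def incident_walkthrough():
    """Constructed scenario: suspend on suspicion, rotate, destroy the old value."""
    s = SecretModel()
    s.add_version("v1")
    s.set_state("v1", State.DEACTIVATED)     # suspicious activity detected
    suspended = s.secret_deactivated()       # no active version is left
    s.add_version("v2")                      # rotated value becomes the default
    s.set_state("v1", State.DESTROYED)       # old value is now unrecoverable
    return suspended, s.default, s.can_decrypt("v1"), s.can_delete_secret()
```

The walkthrough shows why deactivation is the reversible first response to suspicious activity, while destruction is reserved for a value that has already been replaced.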
Roles
The Secrets Manager service uses a Role-Based Access Control (RBAC) model to securely and systematically manage access permissions for secret resources. IAM assigns roles to users to restrict them to only the allowed operations.
Secrets Manager Project Viewer
Has permission to view all resources within the project, including secret lists, states, and version information. However, it cannot perform management tasks such as creating secrets or changing their states.
Secrets Manager Project Manager
Has full management permissions for Secrets Manager within the project, including secret creation, modification, deletion, and value updates, in addition to view permissions.