By Wamala Emmanuel Nsubuga
Alibaba Cloud Key Management Service (KMS) is a cloud-managed service that allows you to create, manage, and store keys, certificates, and secrets. KMS enables you to maintain control over who can access your secrets and keys by letting you assign permissions. You can also manage the lifecycle of each secret by setting the rotation period. Auditing can be set up by integrating with Alibaba Cloud services such as ActionTrail or CloudMonitor, which provide usage logs showing who is accessing the secrets.
KMS consists of four components:
This article will focus on the Secrets Manager component of KMS.
Secrets Manager provides secret encryption, secret hosting, regular rotation (periodic updating of the secret, where each update produces a new version of the secret), secure distribution, and centralized management features. Secrets Manager reduces the security risks caused by static secrets configured in traditional IT facilities. You can use secrets to store sensitive data like passwords.
A secret consists of three components: the metadata, versions, and stage labels that mark the secret versions.
The metadata of a secret contains the following parts:
Each secret value you write into a secret is stored as a secret version. The secret value is sensitive data. You can read the secret value of a secret version based on the secret name and version number. Each secret version identified by the version number can only be written into a secret once and cannot be modified.
Secret versions are marked with stage labels and can be referenced using stage labels. Secrets Manager has two built-in stage labels: ACSCurrent and ACSPrevious. When you call the PutSecretValue operation, the newly stored secret version is marked with ACSCurrent by default. You can then call the GetSecretValue operation to read the secret version marked with ACSCurrent. You can also customize stage labels.
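The version and stage-label rules above, as an added example that is not from the original article or the Alibaba Cloud SDK: a small in-memory model of write-once versions and label-based reads. The class name, method names, the `Canary` label, and the sample values are hypothetical, and the move of ACSPrevious to the formerly current version is an assumption about the default behaviour.

```python
# Added illustration: an in-memory model, not the Alibaba Cloud SDK.
# SecretModel and its methods are hypothetical names; values are constructed.

class SecretModel:
    def __init__(self, name):
        self.name = name
        self.versions = {}  # version number -> secret value (write-once)
        self.stages = {}    # stage label -> version number it marks

    def put_secret_value(self, version_id, value, stages=("ACSCurrent",)):
        # A version number can be written into a secret only once.
        if version_id in self.versions:
            raise ValueError(f"version {version_id!r} already written")
        self.versions[version_id] = value
        for label in stages:
            if label == "ACSCurrent" and "ACSCurrent" in self.stages:
                # Assumption: the version losing ACSCurrent gets ACSPrevious.
                self.stages["ACSPrevious"] = self.stages["ACSCurrent"]
            self.stages[label] = version_id  # a label marks one version

    def get_secret_value(self, version_id=None, stage="ACSCurrent"):
        # Read by version number, or by stage label (ACSCurrent by default).
        if version_id is None:
            if stage not in self.stages:
                raise KeyError(f"no version marked {stage!r}")
            version_id = self.stages[stage]
        if version_id not in self.versions:
            raise KeyError(f"unknown version {version_id!r}")
        return version_id, self.versions[version_id]


def rotate_demo():
    secret = SecretModel("db-password")
    secret.put_secret_value("v1", "constructed-pw-1")
    secret.put_secret_value("v2", "constructed-pw-2")  # rotation
    secret.put_secret_value("v3", "constructed-pw-3", stages=("Canary",))
    return {
        "current": secret.get_secret_value(),
        "previous": secret.get_secret_value(stage="ACSPrevious"),
        "canary": secret.get_secret_value(stage="Canary"),
        "by_version": secret.get_secret_value(version_id="v1"),
    }


if __name__ == "__main__":
    for label, result in rotate_demo().items():
        print(label, result)
```

Consumers that read by stage label pick up a rotated value without a configuration change, while a version stored under a custom label stays invisible to default reads until it is marked ACSCurrent.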
Finally, the secret is successfully created.