Manage encryption parameters - CloudOps Orchestration Service

In addition to common parameters, Operation Orchestration Service (OOS) also provides encryption parameters. You can set the encryption parameters to encrypt stored values by using Key Management Service (KMS). This topic describes how to create, search for, and update encryption parameters in the parameter warehouse of OOS.

Notice

To use encryption parameters, you must make sure the following requirements are met:

KMS is activated. For more information, see Activate KMS.
You are granted related Resource Access Management (RAM) permissions on KMS. For more information, see Use RAM to control access to resources.

Create encryption parameters

Log on to the OOS console.
In the left-side navigation pane, click Parameter Warehouse. On the Parameter Warehouse page, click the Encryption Parameters tab, and then click Create Encryption Parameter.
On the Create Encryption Parameter page, set the required parameters, as shown in the following figure.
1. Enter a parameter name in the Parameter Name field.
2. Enter a parameter description in the Description field.
3. Select a KMS key ID. You can select Default Service CMK or an existing customer master key (CMK). For more information, see Create a CMK.
4. Enter a value in the Value field.
5. Add constraints for the value that you enter in the Value field. You can add multiple constraints. The following four types of constraints are available:
  1. Valid value
  2. Regular expression
  3. Maximum length
  4. Minimum length

Click Create.

Search for encryption parameters

Log on to the OOS console.
In the left-side navigation pane, click Parameter Warehouse. On the Parameter Warehouse page, click the Encryption Parameters tab, and then click the search box next to the Create Encryption Parameter button.

In the search box, you can select the following three search types:

Parameter name. If you select Parameter Name, fuzzy match is used.
Path. In this example, the parameter name is /parameter/parameter1/test, where /parameter/parameter1/ is the parameter path.

Parameter path recursion. This search type indicates whether the parameter is recursive. Default value: No. This search type must be used together with Path. If you select Parameter Path Recursion and then select Yes, you can enter /parameter/ to search for multiple parameters that start with /parameter/. The following table describes three parameters and the search results when you search by /group1.

Parameter	Recursive	Not recursive
/group1/team2/some_parameter	The parameter can be found.	The parameter cannot be found.
/group1/team1/some_parameter	The parameter can be found.	The parameter cannot be found.
/group1/some_parameter	The parameter can be found.	The parameter can be found.

Update encryption parameters

Log on to the OOS console.
In the left-side navigation pane, click Parameter Warehouse. On the Parameter Warehouse page, click the Encryption Parameters tab, find the parameter that you want to update, and then click Edit in the Actions column.
On the page that appears, you can enter a new value in the Value field or enter a parameter description in the Description field.
Click Save.
On the Edit History tab, you can view the history of updates to the encryption parameter.
Notice
Limits: Only the 10 most recent updates of encryption parameters are retained.
Click the Edit History tab, select the Display Parameter Values check box to view the value of the encryption parameter.