All Products
Search

This Product

    CloudOps Orchestration Service:Encrypted parameters

    Document Center

    CloudOps Orchestration Service:Encrypted parameters

    Last Updated:Jun 17, 2026

    In addition to common parameters, CloudOps Orchestration Service supports encrypted parameters. Key Management Service (KMS) encrypts the value of an encrypted parameter. This topic describes how to create, search for, and update encrypted parameters in the Parameter Store.

    Note

    1. You can create up to 10,000 encrypted parameters in each region. The value of each parameter can be up to 4,096 characters in length.

    2. To use encrypted parameters, you must meet the following prerequisites:

      1. Activate Key Management Service (KMS). For more information, see Purchase a dedicated KMS instance.

      2. Grant the required RAM permission for KMS. For more information, see Use RAM to control resource access.

    Create an encrypted parameter

    1. Log on to the CloudOps Orchestration Service.

    2. In the left-side navigation pane, choose Parameter Store. Click the Encrypted Parameters tab, and then click Create Encrypted Parameter.image

    3. On the Create Encrypted Parameter page, configure the parameter.image

      1. Enter a parameter name.

      2. Enter a description for the parameter.

      3. Enter a KMS instance ID.

        1. If you do not set this parameter, a legacy default KMS instance is used, and you can create up to 200 encrypted parameters.

        2. If you set this parameter, the credential quota of the specified dedicated KMS instance applies. For more information, see Purchase and enable a KMS instance.

      4. Enter a KMS key ID. You can use the default value or enter the ID of a key that you have created. For more information, see Create a key.

      5. Enter the parameter value.

      6. Specify one or more constraints for the parameter value. The following types of constraints are available:

        1. Allowed values

        2. Regular expression

        3. Maximum length

        4. Minimum length

    4. Click Create.

    Search for an encrypted parameter

    1. Log on to the CloudOps Orchestration Service.

    2. In the left-side navigation pane, choose Parameter Store. Click the Encrypted Parameters tab, and then use the search box next to the Create Encrypted Parameter button.

    3. In the search box, you can filter parameters by a combination of the following conditions:secret-parameter-03

      1. Parameter name: Fuzzy search is supported.

      2. Path. For example, in /parmeter/parmeter1/test, the path is /parmeter/parmeter1/.

      3. Specifies whether the search is recursive. This option is used with the parameter path. By default, the search is non-recursive. A recursive search finds all parameters that begin with the specified path. For example, the following table shows the search results for three parameters when the search path is /group1.

        Parameter

        Recursive

        Non-recursive

        /group1/team2/some_parameter

        Found

        Not found

        /group1/team1/some_parameter

        Found

        Not found

        /group1/some_parameter

        Found

        Found

    Update an encrypted parameter

    1. Log on to the CloudOps Orchestration Service.

    2. In the left-side navigation pane, choose Parameter Store. On the Encrypted Parameters tab, find the parameter that you want to update and click Edit in the Actions column.secret-parameter-05

    3. Update the value or description as needed.secret-parameter-06

    4. Click Save.

    5. In the edit history, you can view the previous versions of the encrypted parameter.secret-parameter-07

      Important

      The system retains only the 10 most recent versions of an encrypted parameter.

    6. Click edit history and select the Display Parameter Value checkbox to view the details of an encrypted parameter.secret-parameter-08