Available in Classic and VPC
Create keys
You can generate an unlimited number of user-managed keys. However, caution is needed as charges are incurred based on the number of keys created. To create a key, follow these steps:
- In the NAVER Cloud Platform console, navigate to
> Services > Security > Key Management Service > Key. - Click the [Create keys] button.
- When the Create keys page appears, enter the required information.
- Key name: enter between 3 and 15 characters using a combination of letters, numbers, hyphens, and underscores. However, it must start with a letter and cannot be duplicated by another key name in your key store.
- Boundary: select either Global or Isolated
Region-isolated key: a key set to Isolated is assigned to the Region currently selected in the console.
- Usage: click to select between encryption/decryption (AES-256), encryption/decryption and signing/validation (RSA-2048), and signing/verification (ECDSA).
- Encryption type: if you selected encryption/decryption (AES-256) in usage, click whether to apply convergent encryption, which always generates the same ciphertext for identical plaintext. If you select convergent encryption, the Context parameter is required when calling the encryption/decryption feature.
Convergent encryption: the context is used to derive the encryption key and initialization vector (IV) from the seed key for both encryption and decryption. If an incorrect Context is entered, decryption becomes impossible. When convergent encryption is applied, the same Context always generates the same key and IV, resulting in the same ciphertext for identical plaintext. However, using the same Context for multiple plaintexts can weaken cryptographic security. It is recommended to use a unique Context for each piece of data. If convergent encryption is not applied, the key and IV are randomly derived each time, so even the same plaintext results in different ciphertext. In this case, entering a Context is not required. Whether to apply convergent encryption can only be set during key creation and cannot be changed later.
- Rotation type: click automatic rotation status.
- Rotation cycle: enter between 1 and 730 days (default: 90 days)
- Memo: enter 100 characters or less
- Click the [Create keys] button.
Delete keys
You can request deletion of a key that is no longer in use. Keys requested for deletion are permanently deleted after a 72-hour waiting period. Keys requested for deletion are placed in a pending deletion status and are not available for encryption/decryption requests, just like in a disabled status. If deletion waiting period is not needed, it is also possible to delete it immediately. For example, if the key doesn't have a user, it can be deleted immediately without waiting 72 hours because deleting it won't cause any data loss.
Once deleted, the key is permanently deleted and can't be restored, so choose carefully. Especially in the case of [Delete immediately], as the key is deleted immediately and cannot be canceled, caution is needed.
To cancel a deletion request for a key that is pending deletion, click the [Cancel key deletion] button before the 72-hour waiting period has elapsed. After clicking the button, the deletion request is canceled and the key is immediately placed in the disabled status. If you want to use the key again, you can switch it to enabled status.
To delete a key, follow these steps:
- In the NAVER Cloud Platform console, navigate to > Services > Security > Key Management Service > Key.
- Click to select the keys you want to delete, then click the [Request key deletion] button.
- When the Request key deletion popup window appears, click the [Request deletion] button. Caution is needed when deleting a key that has usage history. (Recent usage history refers to APIs usage history.)
- Check the key status that changed after the deletion request in the key list.
- Pending deletion: a deletion request has been received and is waiting 72 hours for complete deletion.
- If you want to delete the key immediately without deleting it on the scheduled deletion date shown in the status field, click the [Delete now] button.
