Key Management Service scenarios
Available in Classic and VPC
Key Management Service in NAVER Cloud Platform makes it easy to create, operate, and manage keys. The procedures are described in Getting started with Key Management Service and Using Key Management Service, but we recommend reviewing the usage scenario first: once you understand the overall flow, the individual procedures are easier to follow. The overall order of using Key Management Service and a description of each step are as follows:
1. Set usage permissions
2. Create keys
3. Manage keys
4. Call APIs
5. Delete keys
The entire scenario of using Key Management Service is closely related to the life cycle of a key. For more information about the life cycle of a key and an explanation of the terms used, see Using Key Management Service and Key Management Service glossary.
1. Set usage permissions
As of November 23, 2023, the key permission management feature provided by Key Management Service will be changed to detailed permission management through Sub Account. Role-based key permissions that were already in use will be migrated to policies of the same level. For more information, see the Managing Key Management Service permissions guide.
Configure the permissions required to use keys. Key Management Service permissions are defined by adding policies to the sub accounts issued through NAVER Cloud Platform's Sub Account. You therefore need to first create sub accounts, separate from your main account, through Sub Account.
Sub Account is a service provided free of charge upon subscription request. For a detailed description of Sub Account and its pricing plans, see the Services > Management & Governance > Sub Account menu in NAVER Cloud Platform portal.
To use Key Management Service smoothly, you need the permissions required to perform its features. Key Management Service permissions are managed through Sub Account on NAVER Cloud Platform and are available as predefined System Managed policies and as User Created policies that you define yourself by selecting the required permissions. To use Key Management Service safely, we recommend granting and managing only the minimum permissions required to use the service. You can refer to the following user guides for managing permissions:
2. Create keys
You can create keys. You can refer to the following guide.
- Create key in Using Key Management Service
3. Manage keys
You can view the list of created keys and operate and manage them. You can check and change the status of keys according to their lifecycle, and rotate keys to manage their versions for security. You can also monitor usage history to ensure that issued keys are being used appropriately. You can refer to the following guide.
- Key status in the Using Key Management Service
- Manage key version in the Using Key Management Service
- View history keys in the Using Key Management Service
4. Call APIs
You can use the encryption/decryption and signing/verification features with the keys you create through the REST API provided by Key Management Service. Key Management Service APIs are called through the API Gateway. You can refer to the following guide.
- Key Management Service API guide
- API Gateway user guide
- Key Management Service examples
- Cautions for API Key management, Downloading Java SDK in the Prerequisites for using Key Management Service
5. Delete keys
To prevent misuse and for security, you can request deletion of keys that are no longer in use. When a deletion request is received, the key is automatically deleted after a 72-hour waiting period. If you don't need to wait for deletion, you can delete it immediately.
Once deleted, a key is permanently removed and can't be restored, so please choose carefully. Deleting an encryption key is effectively the same as deleting the data encrypted with it: once the key is deleted, data encrypted with that key cannot be decrypted.
You can refer to the following guide.
- Delete keys in the Using Key Management Service