Secret Manager concepts


Available in VPC

This page describes the basic concepts you need to know to make the best use of Secret Manager.

Credentials and security passwords

In general, a credential is anything that confirms an identity or a predefined qualification, or a document that grants permissions; identification cards, diplomas, and professional certificates are everyday examples. In a computer system, credentials are the data consulted during access control before a requested function is carried out or a service is provided, such as the ID, password, or security password that a user submits when logging in. Secret Manager treats the credentials used in computer systems as the same concept as a security password and manages them under that term.

Secret

The data that Secret Manager manages is defined as a secret, which is a kind of resource. A secret includes not only the actual secret data (the secret value) but also metadata about the secret, information about related services or systems, and so on. Secret Manager controls permissions on each secret, manages and protects it, and measures its usage. Although a secret is data that the user defines directly, the service does not include personal information by default. When a secret value is deleted, or when the service is unsubscribed from, the secret value is destroyed immediately and cannot be recovered. Any incidental information other than the secret value is retained for 3 months and then destroyed.

Secret lifecycle

Secrets pass through a series of lifecycle stages from creation through use to final deletion. Over this lifecycle a secret is in one of the following states: available for use, temporarily suspended, rotation in progress, pending deletion, and final deletion. A secret cannot be viewed while it is temporarily suspended or pending deletion; management features such as automatic rotation, however, continue to run until final deletion. Once a deletion request is made, the secret remains pending deletion for 7 days and is then finally deleted. Billing continues until the secret is finally deleted.

Secret chain

Secret Manager tracks each secret value that is rotated while the secret is in use as an internal state called a stage, according to the rotation history. The rotated secret values are kept in chronological order as the stages progress, and this ordered history is defined as the secret chain.
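The lifecycle states and the secret chain described in the two sections above, as an added illustration that is not NAVER Cloud Platform code: a small model in which each rotation appends a stage to the chain, reads are refused while the secret is suspended or pending deletion, and the value is destroyed only after the 7-day window. The state names, the clock `T0`, and the helper `days_later` are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
from typing import List, Optional

PENDING_DELETION_DAYS = 7           # deletion window stated in the guide
T0 = datetime(2024, 1, 1)           # constructed clock for the demo

class State(Enum):
    AVAILABLE = "available"
    SUSPENDED = "temporarily suspended"
    ROTATING = "rotation in progress"
    PENDING_DELETION = "pending deletion"
    DELETED = "final deletion"

@dataclass
class Secret:
    name: str
    chain: List[str] = field(default_factory=list)  # secret chain: stages, oldest first
    state: State = State.AVAILABLE
    delete_after: Optional[datetime] = None

    def current_value(self) -> str:
        """Newest stage of the chain; unreadable while suspended, pending or deleted."""
        if self.state in (State.SUSPENDED, State.PENDING_DELETION, State.DELETED):
            raise PermissionError(f"{self.name}: no access in state '{self.state.value}'")
        return self.chain[-1]

    def rotate(self, new_value: str) -> int:
        """Append a stage; rotation keeps running until final deletion. Returns chain length."""
        if self.state == State.DELETED:
            raise ValueError("secret value already destroyed")
        self.chain.append(new_value)
        return len(self.chain)

    def request_deletion(self, now: datetime) -> datetime:
        """Enter pending deletion; the value is only destroyed after the window elapses."""
        self.state = State.PENDING_DELETION
        self.delete_after = now + timedelta(days=PENDING_DELETION_DAYS)
        return self.delete_after

    def finalize_deletion(self, now: datetime) -> bool:
        """Destroy the whole chain once the window has passed; it cannot be recovered."""
        if self.state != State.PENDING_DELETION or now < self.delete_after:
            return False
        self.chain.clear()
        self.state = State.DELETED
        return True

def days_later(t: datetime, n: int) -> datetime:
    return t + timedelta(days=n)
```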

Secret protection

Secret Manager protects all secrets by encrypting them. Every NAVER Cloud Platform user has a basic client key, which is created and managed automatically in Key Management Service, and by default all secrets in Secret Manager are protected with this basic client key. If you want to change the protection key options, manage the key in detail, or check its history directly, you can set a user-managed key instead. Users create and manage user-managed keys directly in Key Management Service. For more information, see the Key Management Service user guide.
Secret Manager protects each secret value with envelope encryption based on the protection key, which means that every secret value is encrypted with its own distinct key.