Help Center> Data Encryption Workshop> User Guide> Cloud Secret Management Service> Creating a Secret> Creating an RDS Secret
View PDF

Creating an RDS Secret

This section describes how to create an RDS secret on the secret management page.

You can create a secret and store its value in its initial version, which is marked as SYSCURRENT.

Constraints

  • A user can create a maximum of 200 secrets.
  • By default, the default key csms/default created by CSMS is used as the encryption key of the current secret. You can also create a user-defined symmetric key and use a user-defined encryption key on the KMS console.
  • RDS secrets support the following DB engines: MySQL and PostgreSQL. Currently, the SQL Server database is not supported.

Creating a Shared Secret

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click . Choose Security & Compliance > Data Encryption Workshop.
  4. In the navigation pane, choose Cloud Secret Management Service.
  5. Click Create Secret and select the RDS DB instance secret, as shown in Figure 1.

    Figure 1 RDS DB instance secret

  6. In the Create Secret dialog box, set the parameters. For details about the parameters, see Table 1.

    Table 1 RDS secret parameters

    Parameter

    Description

    Secret Name

    Secret name

    Enterprise Project

    This parameter is provided for enterprise users. If you are an enterprise user and have created an enterprise project, select the required enterprise project from the drop-down list. The default project is default.

    If there are no Enterprise Management options displayed, you do not need to configure it.

    RDS DB Instance Secret

    Select the name of the instance you created on the RDS console (applicable only to MySQL databases).

    Secret Value

    Secret key/value pair and the plaintext secret to be encrypted

    • If you select Single account, you need to enter an available database account.
    • If you select Dual account, you need to enter two available database accounts.

    For details about the differences, see Rotation Policy.

    Description

    Description of a secret

    KMS Encryption Key

    Select the default master key csms/default or a user key that has been created on KMS.

    NOTE:

    By default, the default key csms/default created by CSMS is used as the encryption key of the current secret. You can also create a key and use a user-defined encryption key on the KMS console. For details, see Creating a Key.

  7. Click Next and set the rotation period.

    If the automatic rotation function is disabled, you need to manually rotate the secrets. To enable automatic rotation, click Set Rotation Policy on the secret details page, enable automatic rotation, and set the rotation period.

  1. Toggle on the automatic rotation switch and select a rotation period. You can select a preset rotation period or customize a rotation period.

    The value ranges from 6 hours to 8,760 hours. The default value is 6 hours.
    Figure 2 Selecting a rotation period

  2. Click Next and confirm the creation information.

    Figure 3 Secret information

  3. Click OK. A message is displayed in the upper right corner of the page, indicating that the secret is created successfully.
  4. You can view the created secrets in the secret list, as shown in Figure 4. The default status of a secret is Enabled.

    Figure 4 Secret list

Parent topic: Creating a Secret