SEC02-03 Security Management and Credential Usage
Updated on 2025-05-22 GMT+08:00
Use temporary credentials instead of long-term or permanent credentials for identity authentication to reduce or eliminate risks caused by credential leakage, sharing, or theft.
- Risk level
  High
- Key strategies
  - There are two types of credentials: long-term credentials, which include the user's login password and permanent AK/SK, and short-term credentials, which include temporary AK/SK and permissions obtained through an agency. Do not hard-code long-term credentials in code, to prevent leakage. Use temporary credentials to call Huawei Cloud SDKs or APIs.
  - Use long-term credentials only in scenarios where temporary credentials cannot be used. In this case, store the long-term credentials in a file outside the code or have them hosted by a third party, and reference them as variables. In addition, periodically audit and rotate your credentials to reduce risks.
  - Audit your identity providers and identities configured in IAM to ensure that only authorized identities can access your workloads.
  - Use Data Encryption Workshop (DEW) to host credentials. DEW allows you to centrally manage, retrieve, and securely store various credentials, including database account passwords, server passwords, SSH keys, and AKs.
  - Use Cloud Secret Management Service (CSMS) in DEW to periodically rotate credentials.
  - Use an IAM agency to grant operation permissions to cloud services or other accounts.
- Related cloud services and tools
  - DEW
  - IAM
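
The first two strategies as an added example (not Huawei Cloud code): a cache that hands out temporary credentials and renews them before they expire, plus a guarded loader for a long-term AK/SK kept in a file outside the code. `fetch` is a hypothetical callable that obtains temporary credentials (for instance through an agency); the dict keys, the 5-minute margin, the 90-day rotation limit, the JSON file layout and the POSIX permission check are assumptions.

```python
import json
import os
import stat
from datetime import datetime, timedelta, timezone


def _utcnow():
    return datetime.now(timezone.utc)


class TemporaryCredentialCache:
    """Hand out short-lived credentials, renewing them before they expire."""

    def __init__(self, fetch, margin=timedelta(minutes=5), now=_utcnow):
        self._fetch = fetch    # hypothetical: returns a dict with an aware "expires_at"
        self._margin = margin  # assumed safety margin before expiry
        self._now = now
        self._cred = None

    def get(self):
        if self._cred is None or self._cred["expires_at"] - self._now() <= self._margin:
            cred = self._fetch()
            if cred["expires_at"] <= self._now():
                raise ValueError("issuer returned an already expired credential")
            self._cred = cred
        return self._cred


def load_long_term(path, max_age=timedelta(days=90), now=_utcnow):
    """Only for cases where temporary credentials cannot be used."""
    mode = os.stat(path).st_mode
    # Refuse a credential file that group or other users can access (POSIX modes).
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/others; restrict it to 0600")
    with open(path, encoding="utf-8") as fh:
        cred = json.load(fh)
    # "created_at" is an assumed field: ISO 8601 timestamp with a UTC offset.
    created = datetime.fromisoformat(cred["created_at"])
    if now() - created > max_age:
        raise ValueError(f"credential in {path} is overdue for rotation")
    return cred
```
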