Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Access Keys

Updated on 2024-07-26 GMT+08:00

An access key comprises an access key ID (AK) and secret access key (SK), and is used as a long-term identity credential to sign your requests for Huawei Cloud APIs. AK is used together with SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct.

After logging in to the management console, users authorized by the administrator can create and delete access keys on the My Credentials page.

If an IAM user does not have permissions to log in to the management console, the administrator of the user can manage access keys for the user in IAM. For details, see Managing Access Keys for an IAM User.

NOTE:
The credentials that an IAM user can use depend on the access type specified for the user. Select the access type that user will need to use.
  • If the user accesses cloud services only by using the management console, specify the access type as Management console access and the credential type as Password.
  • If the user accesses cloud services only through programmatic calls, specify the access type as Programmatic access and the credential type as Access key.
  • If the user needs to use a password as the credential for programmatic access to certain APIs, specify the access type as Programmatic access and the credential type as Password.
  • If the user needs to perform access key verification when using certain services in the console, specify the access type as "Programmatic access + Management console access" and the credential type as "Access Key + Password". For example, the user needs to perform access key verification when creating a data migration job in the Cloud Data Migration (CDM) console.

Important Notes

  1. You can create a maximum of two access keys with identical permissions and unlimited validity. Each access key can be downloaded only once when created. Keep your access keys secure and change them periodically for security purposes. To change an access key, delete it and create a new one.
  2. Federated users can only create temporary access credentials (temporary AK/SKs and security tokens). For details, see Temporary Access Key (for Federated Users).
  3. If you are an IAM user, move the pointer to the username in the upper right corner of the management console, choose Security Settings, click the Critical Operations tab, and check the enabling status of the Access Key Management feature.
    • Disabled: All IAM users under the account can manage (create, enable, disable, and delete) their own access keys.
    • Enabled: Only the administrator can manage users' access keys.
  4. If you cannot manage your access keys, request the administrator to perform either of the following operations:
  5. If you are an administrator, you can view the AK of an IAM user on the user details page. The SK is kept by the user.

Creating an Access Key

  1. Log in to Huawei Cloud and click Console in the upper right corner.

    Figure 1 Accessing the console

  2. On the management console, hover over the username in the upper right corner and choose My Credentials from the drop-down list.

    Figure 2 Choosing My Credentials

  3. Choose Access Keys from the navigation pane.
  4. Click Create Access Key.

    Figure 3 Creating an access key
    NOTE:
    • You can create a maximum of two access keys. The quota cannot be increased. If you already have two access keys, you can only delete an access key and create a new one.
    • To change an access key, delete it and create a new one.
    • For newly created access keys, the last used time is the same as the creation time, but will change the next time you use them.

  5. Download the access key file.

    After the access key is created, view the access key ID (AK) in the access key list in the access key list and view the secret access key (SK) in the downloaded CSV file.
    NOTE:
    • Download the access key file and keep it properly. If the download page is closed, you will not be able to download the access key. However, you can create a new one.
    • Open the CSV file in the lower left corner, or choose Downloads in the browser and open the CSV file.
    • Keep your access keys secure and change them periodically for security purposes. To change an access key, delete it and create a new one.

Deleting an Access Key

If your access keys are forgotten or leaked, delete them on the My Credentials page or contact the administrator to delete them in IAM.

NOTE:

Deleted access keys cannot be restored. Make sure that the deleted access keys have not been used for more than one week.

  1. On the Access Keys page, locate the access key to be deleted and click Delete in the Operation column.

    Figure 4 Deleting an access key

  2. In the displayed dialog box, click Yes.

Enabling/Disabling an Access Key

Access keys are enabled by default once being created. To disable an access key, perform the following steps:

  1. On the Access Keys page, locate the access key to be disabled and click Disable in the Operation column.
  2. In the displayed dialog box, click Yes.

The method of enabling an access key is similar to that of disabling an access key.

Viewing Access Keys

You can view the access key ID, status, and creation time in the Access Keys area.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback