Overview of the Parameter Center
In the digital era, enterprises and developers need to frequently process various sensitive and non-sensitive data, such as accounts and passwords, API keys, and configuration texts during system O&M, automatic script execution, and multi-scenario job scheduling. If the data is not properly managed, security risks such as information leakage and permission abuse may arise. In addition, as service scenarios become more complex, a more efficient collaboration mechanism is required for the entire process of data creation, update, reference, and destruction. For such scenarios, traditional distributed storage or manual management cannot meet the requirements of both security and convenience anymore.
To address these issues and to meet suit service needs, the parameter center is developed to provide you with secure and reliable parameter storage and full-lifecycle management and control capabilities through centralized and standardized management, resolving pain points such as scattered data, security risks, and complex reference.
Core Principles
The core principle of the parameter center is based on the design ideas of centralized storage and standard process.
- Centralized storage: All types parameters (sensitive or not) are centrally stored in the security database of COC to prevent data from being scattered in scripts, configuration files, or local devices, mitigating leakage risks.
- Hierarchical security mechanism: Different security policies are used for different types of parameters (such as common text and encrypted data). Common text parameters can be directly stored and referenced in plaintext. Sensitive data (such as keys and passwords) is encrypted using encryption algorithms (such as AES and RSA) before being stored and is decrypted only during authorized reference. This ensures data security during storage and transmission.
- Full-lifecycle management and control: Standard interfaces and processes are used to manage and control the entire process of creating, updating, querying, referencing, and destroying parameters. Logs (such as the operator, time, and content) of each operation are recorded to implement operation traceability and auditability.
- Cross-scenario reference adaptation: Parameters can be referenced by multiple objects, such as scripts, automated jobs, and applications, through unified APIs or calling protocols. This eliminates the need to repeated data input and improves collaboration efficiency.
Functions
- Diversified parameters are compatible with various data types, including but not limited to account information, API keys, database connection strings, configuration text, and JSON/XML segments, meeting parameter storage requirements in different service scenarios.
- Refined security control
- Encrypted storage of sensitive data: SM series cryptographic algorithms or international mainstream encryption algorithms are used to ensure that sensitive information such as keys and passwords cannot be cracked even if the database is accessed by authorized users.
- Hierarchical permissions management: Parameter access permissions (such as read-only, editing, and reference permissions) can be configured by user, role, or scenario to prevent unauthorized operations.
- Operation log audit: Records the creation, modification, deletion, and reference of all parameters, and provides the log query and export functions to meet compliance requirements (such as graded security protection and SOC audit requirements).
- Automated full-lifecycle management
- One-click creation and update: Parameters can be quickly created on the console, through APIs, or using batch import tools. Online editing and version backtracking are supported (historical modification records are retained).
- Easy reference and synchronization: Standard APIs (such as REST APIs and SDKs) are provided. Scripts or jobs can be directly referenced by parameter IDs. After parameters are updated, they are automatically synchronized to all reference scenarios to avoid repeated modification.
- Lifecycle configuration: The expiration time or destruction policy can be set for parameters. The parameter automatically becomes invalid or is deleted when the expiration time arrives, reducing redundant data.
- High availability and scalability
- HA architecture: This function is built based on cloud native technologies, supports multi-region backup and DR, ensuring parameter service stability and data durability.
- Elastic expansion: The storage capacity is automatically expanded and the processing capability is automatically enhanced to adapt to service scale changes as the number of user parameters and reference frequency increase.
- Seamless integration and collaboration: This function is closely connected with other components (such as the script management platform, job scheduling system, and monitoring and alerting tool) of COC to support seamless parameter transfer in the automation process. For example, the latest parameters are automatically referenced during script execution, and configuration information is dynamically obtained during job scheduling, improving O&M automation.
Core Value
Parameter Center brings the following benefits:
- Low security risks: Centralized encrypted storage and permissions control reduce data leakage risks and meet compliance requirements.
- Improved management efficiency: Automatic parameter full-lifecycle management saves labor and avoids repeated operations.
- Enhanced service flexibility: Cross-scenario reference and elastic expansion are supported to adapt to fast-changing service requirements.
- Operation traceability: The detailed log audit capability provides a basis for troubleshooting and responsibility tracing.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot