Help Center/ Data Encryption Workshop/ User Guide/ Permissions Management/ Sharing DEW Resources Using RAM/ Shared CSMS
Updated on 2026-06-09 GMT+08:00
View PDF
Share

Shared CSMS

During internal enterprise collaboration, team members need to access the sensitive resources in the same cloud service, such as database connection strings or API keys. Traditionally, such information is shared via email or instant messaging, which features low efficiency and high security risks. To address this problem, Huawei Cloud CSMS supports sharing user secrets within an organization. By sharing only secret usage, secrets are secure and controllable. You can view the shared secrets in the secret list on the console, click the secret name to access its details page, but cannot edit or modify the shared secrets, further ensuring secret security. In addition, you can use RAM to easily manage access to shared secrets. This helps team members share and manage secrets more efficiently and securely, improving collaboration efficiency.

Constraints

For secrets that support RAM sharing, the constraints are as follows:

  • Shared secrets can be used only within an organization. Rotation is not supported.
  • Shared secrets cannot be edited.
  • This feature depends on RAM.

Creating Shared CSMS Resources

  1. Log in to the DEW console.
  2. Click in the upper left corner and choose Management & Governance > Resource Access Manager.
  3. In the navigation pane on the left, choose Shared by Me > Resource Shares.
  4. Click Create Resource Share in the upper right corner.
  5. Set resource type to csms:secretName, select the corresponding region, and select keys to be shared. Click Next: Associate Permissions.
  6. Specify the target principals and click Next: Confirm in the lower right corner.

    Table 1 Parameters

    Parameter

    Description

    Principal Type
    • Organization

      For details about how to create an organization, see .

      NOTE:

      If you have not enabled resource sharing with organizations, this parameter cannot be set to Organization. For details, see .

    • Huawei Cloud account ID

  7. Check the configurations and click Submit in the lower right corner.

    After a shared instance is created, the organization accepts the instance automatically, while Huawei cloud accounts need to perform certain operations. For details, see .

Viewing Shared CSMS Resources

  1. Log in to the DEW console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation pane on the left, choose Cloud Secret Management Service > Secrets.
  4. View the shared secret resources in the Shared Secrets tab.

    Figure 1 Shared secrets

Parent Topic: Sharing DEW Resources Using RAM