Updated on 2024-12-19 GMT+08:00

Critical Operation Protection

Operation protection is supported in secret management. If you want to perform critical operations on the console, an identify verification method is required. Enable this function for your account security. It will take effect for both the account and users under the account.

Constraints

Only operations that are performed on the console are protected by this function.

Enabling operation protection

  1. Log in to the management console.
  2. On the console, locate the user name in the upper right corner, and select Security Settings from the drop-down list.

    Figure 1 Security settings

  3. Go to the security settings page and click Critical Operations. Locate Operation Protection and click Enable.
  4. On the Operation Protection page, choose Enable, and click OK to enable operation protection.

    In this case, if you or the IAM users under your account perform critical operations such as viewing secret value or deleting a key, you are required to enter a verification code, avoiding risks and loss for your service.

    • When performing a critical operation, you will be asked to choose a verification method from email, SMS, and virtual MFA device.
      • If you only bind a phone number, only SMS verification is available for verification.
      • If you only bind an email address, only email is available for verification.
      • If you have not bound any method, bind one to perform critical operations.
    • To modify the verification phone number, email address, or the virtual MFA device, see Basic Information.

Verifying the Operation Protection

If you have enabled operation protection, there will be a verification when you perform critical operations such as viewing the secret value. Select a verification mode based on your bound information, as shown in Figure 2.

  • If you have bound an email address, enter the email verification code.
  • If you have bound a mobile number, enter the SMS verification code.
  • If you have bound a virtual MFA device, enter the 6-digit dynamic verification code on the MFA device.
    Figure 2 Operation protection verification

Disabling Operation Protection

  1. Log in to the management console.
  2. On the console, locate the user name in the upper right corner, and select Security Settings from the drop-down list.

    Figure 3 Security settings

  3. Go to the security settings page and click Critical Operations. Locate Operation Protection and click Modify.
  4. On the Operation Protection page, choose Disable, click OK, and pass the verification.