Functions
CSMS is a secure, reliable, and easy-to-use secret hosting service. Users or applications can use CSMS to create, retrieve, update, and delete credentials in a unified manner throughout the secret lifecycle. CSMS can help you eliminate risks incurred by hardcoding, plaintext configuration, and permission abuse.
Unified Secret Management
Applications and business systems have a large number of secrets and are difficult to manage.
CSMS can store, retrieve, and use secrets in a unified manner throughout their lifecycles.
Perform the following operations to manage secrets using CSMS:
- Collect secrets.
- Upload the secrets to CSMS.
- Configure fine-grained access and usage permissions for each secret by using IAM.
Secure Secret Retrieval
Many applications store plaintext secrets, such as passwords, tokens, certificates, SSH keys, and API keys, in their configuration files to be used for authentication when they access databases or other services. Plaintext and hardcoded secrets are prone to breach and incur security risks.
CSMS allows users to dynamically query secrets via APIs instead of hardcoding the secrets, greatly reducing breach risks.
Perform the following operations to manage secrets using CSMS:
When an application reads its configurations, it calls CSMS APIs to retrieve secrets. Neither hardcoded nor plaintext secrets are required.
Rotating Credentials and Keys
Secrets need to be periodically updated to enhance security. To rotate a secret, you need to update the secret in all the applications and configurations using it, which is time-consuming, error-prone, and may cause service interruption.
CSMS enables convenient multi-version secret management. Applications can call CSMS APIs or SDKs to securely update secrets without making mistakes.
Perform the following operations to manage secrets using CSMS:
- An administrator adds a secret version on the CSMS console or via APIs to and update the secret.
- Applications call CSMS APIs or SDKs to obtain the latest or a specified version of the secret, and perform full or grayscale update.
- Regularly repeat steps 1 and 2 to rotate secrets.
- Enable rotation for encryption keys to improve storage security.
Secret Event Notification
After you subscribe to an associated event for a secret object, if the event is enabled and a basic event is triggered on the secret object, an event notification is sent to the notification topic specified by the event through Simple Message Notification (SMN). Basic event types include new secret version creation, secret version expiration, secret deletion, and secret rotation. After configuring event notification, you can use event-driven managed functions in FunctionGraph to automatically rotate secrets.
Perform the following operations to manage secrets using CSMS:
1. The administrator adds an event on the CSMS event notification console or by calling the API.
2. When creating or updating a secret, you need to associate the event object required for subscription.
3. You will receive an event notification when the secret status changes. You can configure functions in FunctionGraph to automatically update or rotate secrets.
CSMS Basic Features
|
Function |
Description |
|---|---|
|
Secret lifecycle management |
|
|
Secret version management |
|
|
Secret version status management |
Update, query, and delete secret versions. |
|
Secret tag management |
Add, search for, edit, and delete tags. |
|
Secret event management |
|
|
Secret notification management |
View the change event type, event name, and secret name. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
