Secret Overview
Shared Secrets
Full lifecycle management is supported for customized secrets in different scenarios. You can use CSMS to centrally manage, retrieve, and securely store various types of secrets, such as database account passwords, server passwords, SSH keys, and access keys. Multiple versions can be managed, so you can rotate secrets.
Secret Rotation
Database secret leakage is the main cause of data leakage. CSMS can host RDS and TaurusDB secrets and rotate them automatically or manually, covering common database secret management scenarios and reducing the security risks to service data.
Differences Between Shared Secrets and RDS Secrets
Type | Shared secret | Rotated secret |
---|---|---|
Application Scenario | Supports full lifecycle management of customized secrets in different scenarios. | |
Automatic Rotation | Not supported. Users need to trigger the rotation. | Supported. Single-user and dual-user rotation models are supported. |
Using Rotated Secrets
Process description:
- Create a rotated secret.
- Set the secret name and tag.
- Configure an automatic rotation policy.
- The application system requests the secret from CSMS and obtains the secret value used to access the corresponding database. For details about how to call the API, see Querying the Secret Version and Value.
- The application system parses the returned secret value into plaintext. After obtaining the account and password, it can access the target database for that user.
- After automatic rotation is enabled, the passwords hosted for the database instance are updated periodically. Ensure that the application using the database instance has been adapted so that it dynamically fetches the latest secret each time a database connection is established.
- Do not cache any information contained in secrets. Otherwise, the cached account and password may become invalid after rotation, causing database connection failures.
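The following is an added example, not part of this page or of the CSMS SDK. It models the process above with a constructed in-memory stand-in for CSMS (`FakeCsms`, whose `show_secret_version` plays the role of the "Querying the Secret Version and Value" call) and a constructed database (`FakeDatabase`). The JSON layout of the secret value (`username`/`password` keys), the secret name `rds-app-secret` and the account names `app_user_a`/`app_user_b` are assumptions of the example. It shows why caching credentials fails under single-user rotation, why dual-user rotation keeps the previous account valid for one cycle, and how an application that fetches the secret at connection time keeps working in both models.

```python
import json
from typing import Dict, List, Tuple


class FakeCsms:
    """Constructed stand-in for CSMS: versioned secret strings per secret name.
    Only the behaviour the page describes is modelled; this is not the real CSMS API."""

    def __init__(self) -> None:
        self._versions: Dict[str, List[Tuple[str, str]]] = {}

    def put_version(self, name: str, secret_string: str) -> str:
        versions = self._versions.setdefault(name, [])
        version_id = f"v{len(versions) + 1}"
        versions.append((version_id, secret_string))
        return version_id

    def show_secret_version(self, name: str) -> Dict[str, str]:
        # Stands in for "Querying the Secret Version and Value" (latest version).
        version_id, secret_string = self._versions[name][-1]
        return {"version_id": version_id, "secret_string": secret_string}


class FakeDatabase:
    """Constructed stand-in for an RDS instance: a table of account -> password."""

    def __init__(self) -> None:
        self.accounts: Dict[str, str] = {}

    def set_password(self, user: str, password: str) -> None:
        self.accounts[user] = password

    def can_connect(self, user: str, password: str) -> bool:
        return self.accounts.get(user) == password


def parse_db_credential(secret_string: str) -> Tuple[str, str]:
    """Parse the plaintext secret value into (username, password).
    The JSON layout with 'username'/'password' keys is an assumption of this example."""
    data = json.loads(secret_string)
    missing = [k for k in ("username", "password") if k not in data]
    if missing:
        raise ValueError(f"secret value lacks required keys: {missing}")
    return data["username"], data["password"]


def connect_with_fresh_secret(csms: FakeCsms, db: FakeDatabase, secret_name: str) -> Tuple[str, str]:
    """Fetch the secret at connection time (never from a cache) and return the credential used."""
    version = csms.show_secret_version(secret_name)
    user, password = parse_db_credential(version["secret_string"])
    if not db.can_connect(user, password):
        raise PermissionError(f"database rejected credential from secret version {version['version_id']}")
    return user, password


def rotate(csms: FakeCsms, db: FakeDatabase, secret_name: str, new_password: str, dual_user: bool = False) -> str:
    """Simulate one rotation cycle. Single-user: change the password of the current account.
    Dual-user: switch to the other account and set its password, so the previous account
    stays valid until the next cycle. Returns the new secret version id."""
    current_user, _ = parse_db_credential(csms.show_secret_version(secret_name)["secret_string"])
    if dual_user:
        next_user = "app_user_b" if current_user == "app_user_a" else "app_user_a"
    else:
        next_user = current_user
    db.set_password(next_user, new_password)
    return csms.put_version(secret_name, json.dumps({"username": next_user, "password": new_password}))


def simulate(dual_user: bool) -> Dict[str, bool]:
    """Connect once, rotate once, then compare a cached credential with a fresh fetch."""
    csms, db = FakeCsms(), FakeDatabase()
    secret_name = "rds-app-secret"  # constructed name
    db.set_password("app_user_a", "initial-pw")  # constructed initial credential
    csms.put_version(secret_name, json.dumps({"username": "app_user_a", "password": "initial-pw"}))

    # What an application that caches the secret would still be holding after rotation.
    cached_user, cached_pw = connect_with_fresh_secret(csms, db, secret_name)
    rotate(csms, db, secret_name, "rotated-pw", dual_user=dual_user)

    fresh_ok = True
    try:
        connect_with_fresh_secret(csms, db, secret_name)
    except PermissionError:
        fresh_ok = False
    return {
        "cached_credential_still_works": db.can_connect(cached_user, cached_pw),
        "fresh_fetch_works": fresh_ok,
    }


if __name__ == "__main__":
    print("single-user:", simulate(dual_user=False))
    print("dual-user:  ", simulate(dual_user=True))
```

Under the single-user model the cached password stops working the moment the version is rotated, which is the failure the last step warns about; under the dual-user model the old account survives one cycle, which gives long-lived connections time to reconnect but does not remove the need to fetch the secret on every new connection.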