Managing Secret Versions

Constraints

• A secret can have up to 20 versions.
• Secret versions are numbered v1, v2, v3, and so on based on their creation time.

  You can mark a version with a tag created in the service or a custom tag. A version can have multiple status tags, but a status tag can be used for only one version. For example, if you add the status tag used by version A to version B, the tag will be moved from version A to version B.

• For RDS and TaurusDB secrets, do not manually input the secret values.
• SYSCURRENT and SYSPREVIOUS are preconfigured statuses and cannot be deleted.

Saving and Viewing Secret Values

1. Log in to the DEW console.
2. Click in the upper left corner and select a region or project.
3. In the navigation pane on the left, choose Cloud Secret Management Service > Secrets.
4. Click a secret name to access its details page.
5. In the Version area, click Add Secret Version, as shown in Figure 1. In the displayed dialog box, configure Secret key/value or Plaintext.
   Figure 1 Adding a secret value

   
   

6. You can select an expiration time for the stored secret value. The time can be specific to seconds. After the setting is complete, you can view the expiration time in the secret version list. For example, Jun 30, 2023 19:52:59.
7. Click OK. A message is displayed in the upper right corner of the page, indicating that the value is added successfully.
8. In the Version List area, locate the target secret version, click View Secret in the Operation column, as shown in Figure 2.
   Figure 2 Secret version list

   
   

9. If critical operation protection is enabled, after you click View Secret, you need to pass the operation verification before viewing the secret value.
   

   For details about enabling critical operation protection, see Critical Operation Protection.

   Generally, secret values are obtained by applications through API calls. If you need to check the secret value on the service console, enable this function for data security. Confirm again and click OK.

10. Click OK.

Managing Secret Version Statuses

1. In the navigation pane on the left, choose Cloud Secret Management Service > Secrets.
2. Click a secret name to access its details page.
3. In the Version List area, click Manage Status in the Operation column.
4. In the Manage Status dialog box, add, change, or delete the status of a secret version.
   Figure 3 Managing statuses

   
   
   • Adding a version status

     In the Manage Status dialog box, click Add and enter a status name. Click OK.

     

     A secret can have up to 12 version statuses. A status can be used for only one version.

   • Updating the version status

     In the Manage Status dialog box, click Change and select an existing version status. Click OK.

   • Deleting the version status

     In the Manage Status dialog box, click Delete and select a version status. Click OK.

     

     SYSCURRENT and SYSPREVIOUS are preconfigured statuses and cannot be deleted.

Setting the Version Expiration Time for a Secret

This section describes how to set the version expiration time on the secret details page.

1. In the navigation pane on the left, choose Cloud Secret Management Service > Secrets.
2. Click a secret name to access its details page.
3. In the Version area, click Configure Expiration of the target secret.
4. On the displayed page, set an expiration time, and click OK.
   

   The expiration time can be set to a date or a number of days. After the expiration date is set, the expiration date is displayed.

   Figure 4 Setting an expiration time