Imagine that you’re a developer and you created a custom application to retrieve information from a database. In the past, you had to embed the credentials, or the secret, for accessing the database directly in the application in plaintext. This approach worked fine until you had to rotate the secret. When it came time to rotate the secret, because the secret was hardcoded in the application, you had to invest significant time and effort to update and distribute the application—an especially tedious task that was prone to single points of failure if multiple applications shared the same secret. Fortunately, thanks to Tencent Cloud’s Secrets Manager (SSM), you can now quickly and easily manage, retrieve and store encrypted database credentials, API keys and other secrets.
With SSM, hardcoded secrets are deleted from the application source code and replaced by calls to the Secrets Manager API. This allows you to centrally, dynamically and programmatically retrieve, manage and store secrets through their entire lifecycle and avoid plaintext leakage caused by hardcoding and business risks caused by out-of-control permissions. In SSM, secrets are encrypted and stored by Tencent Cloud’s Key Management Service (KMS), and the encryption keys are generated and protected by a hardware security module (HSM) certified by third parties. During secret retrieval, secrets are securely transferred by TLS to the local server.
You can use SSM via the console, the SDK or the CLI to securely create, store and retrieve sensitive secrets. You can also centrally manage the entire lifecycle of secrets by using SSM in conjunction with Cloud Access Management (CAM), which allows you to implement resource-level access authorization, and CloudAudit, which provides monitoring, compliance check, and auditing services for your Tencent Cloud account. Finally, you can easily rotate secrets by adding a secret version on the SSM console or calling APIs to update the content of the target secret. You can decide whether to rotate secrets fully or to sync the update across all dependent application points via beta tests. Either way, SSM helps you manage secrets with ease and flexibility with minimal developmental effort on your part.
SSM offers pay-as-you-go billing based on the number of managed secrets and API calls and does not require minimum fees or setting fees.
SSM was released on the international console on November 18.
Contact our sales team or business advisors to help your business.
Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.