From e7ca23198d0889848c9e277002faa9bcd02271a8 Mon Sep 17 00:00:00 2001 From: nerda-codes Date: Tue, 17 Jun 2025 16:39:55 +0200 Subject: [PATCH 1/2] docs(add): encryption key step --- pages/secret-manager/how-to/create-secret.mdx | 117 ++++++++++-------- pages/secret-manager/quickstart.mdx | 25 ++-- 2 files changed, 77 insertions(+), 65 deletions(-) diff --git a/pages/secret-manager/how-to/create-secret.mdx b/pages/secret-manager/how-to/create-secret.mdx index 5407a391b4..080ec85e22 100644 --- a/pages/secret-manager/how-to/create-secret.mdx +++ b/pages/secret-manager/how-to/create-secret.mdx @@ -7,13 +7,15 @@ content: paragraph: Discover how to efficiently create secrets using Scaleway's Secret Manager. Follow these step-by-step instructions whether you are setting up your first secret or adding more to your existing resources. tags: secret sensitive-data storage-system secret-type dates: - validation: 2025-01-13 + validation: 2025-06-17 posted: 2023-02-21 categories: - identity-and-access-management --- -The [secret](/secret-manager/concepts/#secret) creation process slightly differs depending on whether you are using Secret Manager for the first time or not. This page explains how to create a [secret](/secret-manager/concepts/#secret) for the first time using the [Scaleway console](https://console.scaleway.com) and how to create a secret if you have already created resources in Secret Manager. +The [secret](/secret-manager/concepts/#secret) creation process slightly differs depending on whether you are using Secret Manager for the first time or not. Upon secret creation, you are prompted to choose a Scaleway-managed encryption key or specify an existing [Key Manager](/key-manager) key which will encrypt your data. This allows for secure and flexible encryption of your data, compliant with industry standards. + +This page explains how to create a [secret](/secret-manager/concepts/#secret) for the first time using the [Scaleway console](https://console.scaleway.com) and how to create a secret if you have already created resources in Secret Manager. @@ -22,70 +24,75 @@ The [secret](/secret-manager/concepts/#secret) creation process slightly differs + 1. Click **Secret Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. + 2. In the **Region** drop-down, select the [region](/secret-manager/concepts/#region) in which you want to store your secret. + + Secrets cannot be moved from one region to another after creation. + + 3. Click **+ Create secret**. + 4. Add your secret: + - Choose whether to add your secret manually or import it. + + The maximum file size for your secret is 64 KiB. + + - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value. + 5. Choose a Key Manager encryption key: + - Scaleway-managed encryption key: requires no configuration on your side. - - 1. Click **Secret Manager** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. - 2. Click **+ Create secret**. - 3. Choose the [region](/secret-manager/concepts/#region) in which you want to create your secret. + - Manually-managed encryption key: an existing [Key Manager](/key-manager) key you have previously created. + 6. Choose a [path](/secret-manager/concepts/#path) for your secret. - Secrets cannot be moved from one region to another after creation. + A [path](/secret-manager/concepts/#path) is the directory structure to access your secrets and their [versions](/secret-manager/concepts/#version). Each path **must be prefixed** with a slash. - 4. Add your secret: - - Choose whether to add your secret manually or import it from a file. - - The maximum file size for your secret is 64 KiB. - - - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value. - 5. Create a [path](/secret-manager/concepts/#path) in which to store your secret. The path name **must be prefixed** with a slash. - 6. Enter a name for your secret and add optional tags. - 7. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). - 8. Optionally, click next to **Single access** or **Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. + 7. Enter a name for your secret, a description, and optional tags. + 8. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). + 9. Optionally, click next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. - - **Single access**: allows you to set your secret versions to **expire after one single access**. - - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible. - - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied. - - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions, even those created subsequently. + - **Single access**: allows you to set your secret versions to **expire after one single access**. + - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible. + - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied. + - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently). + + 10. Check the estimated cost and click **Create secret** to confirm. The **Overview** tab of your secret displays with information such as the region of your secret, its encryption key, the secret's ID, etc. + + - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret. + - Your path and secret are created on the go. - 9. Click **Create secret**. The **Overview** tab of your secret displays. - - - - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret. - - Your path and secret are created on the go. - - - 1. Click **Secret Manager** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. - 2. Select your desired [region](/secret-manager/concepts/#region) in the **Region** drop-down. - - Secrets cannot be moved from one region to another after creation. - - 3. Click **+ Create secret**. - 4. Add your secret: - - Choose whether to add your secret manually or import it from a file. + 1. Click **Secret Manager** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. + 2. Select your desired [region](/secret-manager/concepts/#region) in the **Region** drop-down. + + Secrets cannot be moved from one region to another after creation. + + 3. Click **+ Create secret**. + 4. Add your secret: + - Choose whether to add your secret manually or import it from a file. The maximum file size for your secret is 64 KiB. - - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value. - 5. Choose a [path](/secret-manager/concepts/#path) for your secret: - - Enter an existing [path](/secret-manager/concepts/#path). - - Create a new path. The path name **must be prefixed** with a slash. - 6. Enter a name for your secret and add optional tags. - 7. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). - 8. Optionally, click next to **Single access** or **Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. + - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value. + 5. Choose a Key Manager encryption key: + - Scaleway-managed encryption key: requires no configuration on your side. + + - Manually-managed encryption key: an existing Key Manager key you have previously created. + 6. Choose a [path](/secret-manager/concepts/#path) for your secret: + - Enter an existing [path](/secret-manager/concepts/#path). + + - Create a new path. The path name **must be prefixed** with a slash. + 7. Enter a name for your secret, a description, and optional tags. + 8. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). + 9. Optionally, click next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. - - **Single access**: allows you to set your secret versions to **expire after one single access**. - - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible. - - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied. - - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently). + - **Single access**: allows you to set your secret versions to **expire after one single access**. + - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible. + - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied. + - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently). + + 10. Click **Create secret**. The **Overview** tab of your secret displays with information such as the region of your secret, its encryption key, the secret's ID, etc. + + - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret. + - If you have created a path that did not exist yet, your path and secret are created on the go. - 9. Click **Create secret**. The **Overview** tab of your secret displays. - - - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret. - - If you have created a path that did not exist yet, your path and secret are created on the go. - - - - diff --git a/pages/secret-manager/quickstart.mdx b/pages/secret-manager/quickstart.mdx index 5195de12b4..8f280dc5ad 100644 --- a/pages/secret-manager/quickstart.mdx +++ b/pages/secret-manager/quickstart.mdx @@ -6,11 +6,13 @@ content: h1: Secret Manager - Quickstart paragraph: Learn how to quickly set up and manage secrets with Scaleway's Secret Manager. Follow our step-by-step guide to create secrets, define paths, and add versions effortlessly. dates: - validation: 2025-06-13 + validation: 2025-06-17 posted: 2023-02-21 --- -In this quickstart, we show you how to create a [secret](/secret-manager/concepts/#secret) within a [path](/secret-manager/concepts/#path), and how to add [versions](/secret-manager/concepts/#version) to your newly-created secret. +Upon secret creation, you are prompted to choose a Scaleway-managed encryption key or specify an existing [Key Manager](/key-manager) key which will encrypt your data. This allows for secure and flexible encryption of your data, compliant with industry standards. + +In this quickstart, we show you how to create a [secret](/secret-manager/concepts/#secret) within a [path](/secret-manager/concepts/#path), how to add an existing or a new [Key Manager](/key-manager) key. Then we show you how to add [versions](/secret-manager/concepts/#version) to your newly-created secret. ## Console overview Discover the Secret Manager interface on the Scaleway console. @@ -24,31 +26,34 @@ Discover the Secret Manager interface on the Scaleway console. ## How to create a secret 1. Click **Secret Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu. -2. Click **+ Create secret**. -3. Choose the [region](/secret-manager/concepts/#region) in which you want to store your secret. +2. In the **Region** drop-down, select the [region](/secret-manager/concepts/#region) in which you want to store your secret. Secrets cannot be moved from one region to another after creation. +3. Click **+ Create secret**. 4. Add your secret: - - Choose whether to add your secret manually or import it from a file. + - Choose whether to add your secret manually or import it. The maximum file size for your secret is 64 KiB. - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value. -5. Choose a [path](/secret-manager/concepts/#path) for your secret. +5. Choose a Key Manager encryption key: + - Scaleway-managed encryption key: requires no configuration on your side. + - Manually-managed encryption key: an existing Key Manager key you have previously created. +6. Choose a [path](/secret-manager/concepts/#path) for your secret. A [path](/secret-manager/concepts/#path) is the directory structure to access your secrets and their [versions](/secret-manager/concepts/#version). Each path **must be prefixed** with a slash. -6. Enter a name for your secret and add tags (optional). -7. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). -8. Optionally, click next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. +7. Enter a name for your secret and add tags (optional). +8. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). +9. Optionally, click next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. - **Single access**: allows you to set your secret versions to **expire after one single access**. - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible. - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied. - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently). -9. Check the estimated cost and click **Create secret** to confirm. The **Overview** tab of your secret displays. +10. Check the estimated cost and click **Create secret** to confirm. The **Overview** tab of your secret displays with information such as the region of your secret, its encryption key, the secret's ID, etc. - You have created a secret on the go. The value of your secret is stored in its first version, which is [enabled](/secret-manager/concepts/#enabling-a-version) by default. At creation, your secret only has one version. Keep reading our quickstart to find out how to add more versions to your secret. From a2b3850ce137bda999fee820d5a44409fd053c37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9da?= <87707325+nerda-codes@users.noreply.github.com> Date: Tue, 17 Jun 2025 17:48:48 +0200 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Jessica <113192637+jcirinosclwy@users.noreply.github.com> --- pages/secret-manager/how-to/create-secret.mdx | 4 ++-- pages/secret-manager/quickstart.mdx | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pages/secret-manager/how-to/create-secret.mdx b/pages/secret-manager/how-to/create-secret.mdx index 080ec85e22..58adc0696d 100644 --- a/pages/secret-manager/how-to/create-secret.mdx +++ b/pages/secret-manager/how-to/create-secret.mdx @@ -44,7 +44,7 @@ This page explains how to create a [secret](/secret-manager/concepts/#secret) fo A [path](/secret-manager/concepts/#path) is the directory structure to access your secrets and their [versions](/secret-manager/concepts/#version). Each path **must be prefixed** with a slash. - 7. Enter a name for your secret, a description, and optional tags. + 7. Enter a name for your secret, and, optionally, add a description and tags. 8. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). 9. Optionally, click next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. @@ -80,7 +80,7 @@ This page explains how to create a [secret](/secret-manager/concepts/#secret) fo - Enter an existing [path](/secret-manager/concepts/#path). - Create a new path. The path name **must be prefixed** with a slash. - 7. Enter a name for your secret, a description, and optional tags. + 7. Enter a name for your secret, and, optionally, add a description and tags. 8. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). 9. Optionally, click next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions. diff --git a/pages/secret-manager/quickstart.mdx b/pages/secret-manager/quickstart.mdx index 8f280dc5ad..88e1fafc64 100644 --- a/pages/secret-manager/quickstart.mdx +++ b/pages/secret-manager/quickstart.mdx @@ -44,7 +44,7 @@ Discover the Secret Manager interface on the Scaleway console. A [path](/secret-manager/concepts/#path) is the directory structure to access your secrets and their [versions](/secret-manager/concepts/#version). Each path **must be prefixed** with a slash. -7. Enter a name for your secret and add tags (optional). +7. Enter a name for your secret, and, optionally, add a description and tags. 8. Optionally, click to enable [secret protection](/secret-manager/concepts/#secret-protection). 9. Optionally, click next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions.