All Products
Search
Document Center

CloudOps Orchestration Service:Encrypted parameters

最終更新日:Sep 03, 2024

In addition to common parameters, CloudOps Orchestration Service also supports encrypted parameters. The values stored in such parameters are encrypted by using Key Management Service (KMS). This topic describes how to create, search for, and modify encrypted parameters in the parameter store of OOS.

Important

To use encrypted parameters, make sure that the following requirements are met:

  1. KMS is activated. For more information, see Purchase a dedicated KMS instance.

  2. You are granted related permissions on KMS by using Resource Access Management (RAM). For more information, see Use RAM to control access to KMS resources.

Create an encrypted parameter

  1. Log on to the OOS console.

  2. In the left-side navigation pane, click Parameter Store. On the Parameter Store page, click the Encryption Parameters tab, and then click Create Encryption Parameter.image

  3. On the Create Encryption Parameter page, configure the parameters. The following figure shows the parameters.image

    1. Parameter Name: Enter a parameter name.

    2. Description: Enter a parameter description.

    3. KMS Instance ID: Enter the ID of a dedicated KMS instance.

      1. If you do not specify the ID of a dedicated KMS instance, the default KMS instance of the old version is used. In this case, you can create up to 200 encrypted parameters.

      2. If you specify the ID of a dedicated KMS instance, you can use the secret quota of the instance. For more information, see Purchase and enable a KMS instance.

    4. KMS Key ID: Select a KMS key from the drop-down list. You can select Default Service CMK or an existing customer master key (CMK). For more information, see Create a CMK.

    5. Value: Enter the parameter value.

    6. Constraints: Add constraints for the parameter value. You can add multiple constraints. The following types of constraints are supported:

      1. Valid Value

      2. Regular Expression

      3. Maximum Length

      4. Minimum Length

  4. Click Create.

Search for encrypted parameters

  1. Log on to the OOS console.

  2. In the left-side navigation pane, click Parameter Store. On the Parameter Store page, click the Encryption Parameters tab. A search box with filter options is provided to the right of the Create Encryption Parameter button.

  3. Specify one or more of the following filter conditions:secret-parameter-03

    1. Parameter Name: You can use fuzzy search to search for parameters by name.

    2. Path: You can search for parameters by path. For example, if the parameter name is /parameter/parameter1/test, the parameter path is /parameter/parameter1/.

    3. Parameter Path Recursion: You can specify whether to search for parameters by path in recursive mode. This filter condition is used together with Path. Default value: No. For example, if you select Path, select Yes from the Parameter Path Recursion drop-down list, enter /parameter in the search box, and then click the Search icon, parameters whose path starts with /parameter are displayed. If you perform a search by using the /group1 path prefix, the following table describes the search results in recursive and non-recursive modes.

      Parameter

      Recursive mode

      Non-recursive mode

      /group1/team2/some_parameter

      Displayed

      Not displayed

      /group1/team1/some_parameter

      Displayed

      Not displayed

      /group1/some_parameter

      Displayed

      Displayed

Modify an encrypted parameter

  1. Log on to the OOS console.

  2. In the left-side navigation pane, click Parameter Store. On the Parameter Store page, click the Encryption Parameters tab. On the Encryption Parameters tab, find the parameter that you want to modify and click Edit in the Actions column.secret-parameter-05

  3. On the page that appears, modify the Value and Description parameters based on your business requirements.secret-parameter-06

  4. Click Save.

  5. On the Edit History tab, view the modification history of the encrypted parameter.secret-parameter-07

    Important

    Only the most recent 10 modifications are retained for each encrypted parameter.

  6. On the Edit History tab, select Display Parameter Values in the upper-left corner to view the values of the encrypted parameter.secret-parameter-08