tencent cloud

Secrets Manager

Last updated: 2024-05-26 09:27:06

    Fundamental information

    | Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
    |---|---|---|---|---|---|
    | Secrets Manager | ssm | Supported | Supported | Resource level | Supported |

    Note:

    The authorization granularity of cloud products falls into three levels, from coarsest to finest: service level, operation level, and resource level.

    • Service level: It defines whether a user has permission to access the service as a whole. A user has either full access or no access to the service. Products with service-level granularity do not support authorizing specific APIs.
    • Operation level: It defines whether a user has permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
    • Resource level: It is the finest authorization granularity and defines whether a user has permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.

    API authorization granularity

    APIs support two authorization granularity levels: resource level and operation level.

    • Resource level: The API can be authorized for a specific resource.
    • Operation level: The API cannot be authorized for a specific resource. If the policy syntax restricts a specific resource during authorization, CAM determines that the API is outside the scope of the authorization and treats the call as unauthorized.

    Write operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    |---|---|---|---|---|
    | CreateAccessKeySecret | Create AccessKey Secret | Operation level | * | Supported |
    | CreateProductSecret | Create Product Secret | Operation level | * | Supported |
    | CreateSSHKeyPairSecret | Create SSH Key Pair Secret | Operation level | * | Supported |
    | CreateSecret | Create secret | Operation level | * | Supported |
    | DeleteSecret | Delete secret information | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | DeleteSecretVersion | Delete secret for specified version | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | DisableSecret | Disable secret | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | PutSecretValue | Add secret of new version | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | RestoreSecret | Restore secret to be deleted | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | RotateProductSecret | Rotate Product Secret | Resource level | qcs::ssm::uin/${uin}:secret/creatorUin/$creatorUin/$secretName | Supported |
    | UpdateDescription | Update secret descriptions | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | UpdateRotationStatus | Update Rotation Status | Resource level | qcs::ssm::uin/${uin}:secret/creatorUin/$creatorUin/$secretName | Supported |
    | UpdateSecret | Update secret | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |

    Read operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    |---|---|---|---|---|
    | DescribeAccessKeyRotateResult | Describe AccessKey Rotate Result | Resource level | qcs::ssm:${region}:uin/${uin}:secret/creatorUin/$creatorUin/$secretName | Supported |
    | DescribeAsyncRequestInfo | Describe Async Request Info | Operation level | * | Supported |
    | DescribeRotationDetail | Describe Product Secret Rotation Detail | Resource level | qcs::ssm::uin/${uin}:secret/creatorUin/$creatorUin/$secretName | Supported |
    | DescribeRotationHistory | Describe Product Secret Rotation History | Resource level | qcs::ssm::uin/${uin}:secret/creatorUin/$creatorUin/$secretName | Supported |
    | DescribeSecret | Get secret details | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | DescribeSupportedProducts | Describe Supported Products | Operation level | * | Supported |
    | EnableSecret | EnableSecret | Operation level | * | Supported |
    | GetSSHKeyPairValue | Get SSH Key Pair Value | Resource level | qcs::ssm:${region}:uin/${uin}:secret/creatorUin/$creatorUin/$secretName | Supported |
    | GetSecretValue | Get secret plaintext | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | GetServiceStatus | Get user’s service status | Operation level | * | Supported |

    List operations

    | API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
    |---|---|---|---|---|
    | DescribeResourceIds | Describe ResourceIds | Operation level | * | Supported |
    | GetRegions | Get region display list in console | Operation level | * | Supported |
    | ListSecretVersionIds | Get version list information under specified secret | Resource level | qcs::ssm:$region:uin/$uin:secret/creatorUin/$creatorUin/$secretName | Supported |
    | ListSecrets | Get the list of secret details | Operation level | * | Supported |
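
The operation-level rule above means a least-privilege policy that scopes every statement to one secret will leave calls such as ListSecrets or CreateSecret unauthorized. The following policy linter is an added example, not code from Tencent Cloud's documentation; it assumes the CAM policy JSON layout (`version`, `statement`, `effect`, `action`, `resource`), the `ssm:` action prefix, and that any resource other than `*` counts as a restriction, and its sample policy is constructed.

```python
import fnmatch

# Operation-level SSM APIs, copied from the tables on this page.
OPERATION_LEVEL = {
    "CreateAccessKeySecret", "CreateProductSecret", "CreateSSHKeyPairSecret",
    "CreateSecret", "DescribeAsyncRequestInfo", "DescribeSupportedProducts",
    "EnableSecret", "GetServiceStatus", "DescribeResourceIds", "GetRegions",
    "ListSecrets",
}

# Constructed policy: the uin, region and secret name are placeholders.
SECRET = "qcs::ssm:ap-guangzhou:uin/100000000001:secret/creatorUin/100000000001/"
SAMPLE_POLICY = {
    "version": "2.0",
    "statement": [
        {"effect": "allow", "action": ["ssm:GetSecretValue", "ssm:ListSecrets"],
         "resource": [SECRET + "db-password"]},
        {"effect": "allow", "action": "ssm:Describe*", "resource": SECRET + "*"},
        {"effect": "allow", "action": ["ssm:CreateSecret"], "resource": "*"},
    ],
}

def as_list(value):
    """Accept a single string or a list for action/resource (assumed)."""
    return [value] if isinstance(value, str) else list(value)

def lint_policy(policy):
    """Return (statement index, API) pairs where an allow statement reaches an
    operation-level API but restricts the resource, so CAM would treat the
    call as unauthorized."""
    findings = []
    for idx, stmt in enumerate(policy.get("statement", [])):
        if stmt.get("effect") != "allow":
            continue
        if "*" in as_list(stmt.get("resource", [])):
            continue  # unrestricted resource: operation-level APIs are covered
        for action in as_list(stmt.get("action", [])):
            # Accept "ssm:Api" and "name/ssm:Api" spellings (assumed formats).
            name = action.removeprefix("name/")
            service, sep, pattern = name.partition(":")
            if not sep:  # bare "*" style action with no service prefix
                service, pattern = "*", name
            if service not in ("ssm", "*"):
                continue
            findings.extend((idx, api) for api in sorted(OPERATION_LEVEL)
                            if fnmatch.fnmatchcase(api, pattern))
    return findings

if __name__ == "__main__":
    for idx, api in lint_policy(SAMPLE_POLICY):
        print(f"statement {idx}: {api} is operation level; needs resource '*'")
```

Each finding is resolved by moving the operation-level action into its own statement with resource `*`, leaving the resource-level actions scoped to the secret.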