What should you use Scaleway Secret Manager?
Scaleway Secret Manager is a secret management service that allows you to secure access to your applications, services and IT resources. The service makes it easy to manage credentials, API keys and other secrets throughout their lifecycle. You can use Secret Manager to handle the secrets used to access Scaleway products, third-party resources, or on-premises services.
What types of secrets can I manage with Secret Manager?
You can manage different types of secrets, such as identifiers for databases, SaaS applications, third-party API keys, SSH keys, or certificates. Secret Manager also allows you to store your secrets in JSON format. Note that the maximum size of a secret is 64 KB.
How can my applications access these secrets?
To access the secrets stored in Secret Manager, you must create an Identity and Access Management (IAM) policy for your application. Then, you can replace the plain text secrets with code to retrieve the stored secrets through the Secret Manager API. For more information, see the related documentation.
In which regions is Secret Manager available?
The Secret Manager service is deployed in all Scaleway regions: PAR, WAW and AMS. Stored secrets are replicated in different zones within a region.
How does Secret Manager guarantee the security of my secrets?
Secret Manager allows you to control access to secrets through IAM policies. When you retrieve a secret, Secret Manager decrypts it and transmits it securely via TLS to your local environment. At no point does the service write or cache secrets in plain text on permanent storage.
How does Scaleway Secret Manager Scaleway encrypt my secrets?
Secret Manager Scaleway uses envelope encryption (AES-256 encryption algorithm) to encrypt your secrets with an internal Key Management Service (KMS). To understand the secrets encryption process, refer to our related documentation
How is Scaleway Secret Manager billed?
At the end of the month, you are billed for the number of secret versions stored and API requests made on the service. A secret version is billed if it is in an enabled or disabled state. If, for example, you have used a secret version for five days, you will only be billed for the five days and not for the whole month. Find out more about pricing on our dedicated page.