Jump toSuggest an edit


Disabling a version

Disabling a version is the action of temporarily revoking access to the data contained within a specific version. This prevents any users and applications from accessing your data.

Enabling a version

Enabling a version is the action of making the data contained within the version accessible for retrieval by authorized users and applications. This allows you to manage access to your data and control which versions are accessible, at any time.

Ephemerality properties

When applying an ephemeral policy to your secret, you must define at least one ephemerality property:

  • Single access: allows you to set your secret versions to expire after one single access.
  • Time to Live: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.

Ephemeral policy

An ephemeral policy is a statement that defines the lifetime of a secret and its versions, using either the Single access or the Time to Live ephemerality properties. The ephemeral policy also allows you to decide whether to disable or delete your secret’s versions, once the versions have expired.

  • The ephemeral policy can only be applied to a secret at creation, and cannot be removed once applied.
  • If applied to a secret, all its versions inherit their settings from the policy.

Ephemeral secret

An ephemeral secret is a secret that has a limited lifetime, enforced by an ephemeral policy. All the secret’s versions automatically inherit their settings from those of the current ephemeral policy.


Enabling a version that was previously disabled, amounts to recreating the version. If you have updated the secret’s ephemeral policy while the version was disabled, enabling it again makes it inherit its settings from those of the current ephemeral policy.


A path refers to the directory structure to access your secrets and their versions. Each path is prefixed with a slash.

For example, if you create a secret my-secret within the path /my-path, your secret can be accessed at the /my-path/my-secret path.

  • A path can only contain names of 1 to 255 alphanumeric characters, dots, underscores, and dashes.
  • If you leave the path name field empty when creating your secrets, the default path will be /. Your secrets and versions will be stored under the / path.


A PEM or Privacy Enhanced Mail file is a security certificate file used to establish a secure communication channel between a web server and a browser. It is encoded in Base64 and may contain a private key, a server certificate and/or a combination of other certificates.


A region is the geographical area in which your secrets, and versions are stored and run. They are duplicated on all Availability Zones of the selected region (Paris, Amsterdam, or Warsaw).

Secret Manager allows you to select your resources by region. This allows you to better sort through your resources, if you have created them in different regions but with the same name, for example.


Secrets are logical containers made up of zero or more immutable versions, that hold sensitive data.

Secret Manager

Secret Manager is a solution that provides a centralized location where your secrets can be stored and accessed. Its primary purpose is to securely store secrets, thus eliminating the need for developers to hard code sensitive information in applications or configuration files.

With Secret Manager, you can also share sensitive data such as passwords, API keys, and certificates.

Scaleway’s Secret Manager can be managed using APIs and the Scaleway CLI, which allow authorized applications or services to retrieve secrets securely. This enables you to automate a deployment by fetching your passwords stored on Secret Manager through the API, and storing them in your environment variables, which will then be used by your application.

Secret protection

Secret protection is a feature that prevents the deletion of your secrets. Users holding the SecretManagerFullAccess, SecretManagerSecretWrite, and AllProductsFullAccess permission sets can enable it, ensuring that although your secrets can be accessed and modified, they remain impossible to delete. This ensures the protection of critical information against accidental deletion while maintaining secret management flexibility.


Although a protected secret cannot be deleted, its versions can.


Tags allow you to organize your secrets. This gives you the possibility of sorting and filtering your secrets in any organizational pattern of your choice, which in turn helps you arrange, control, and monitor your secrets.


Versions store the data contained in your secret (API keys, passwords, or certificates). Versions can be enabled or disabled depending on your usage.

Docs APIScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCarreer
© 2023-2024 – Scaleway