NavigationContentFooter
Suggest an edit
Was this page helpful?

How to create secrets with Secret Manager

Reviewed on 17 June 2025Published on 21 February 2023

The secret creation process slightly differs depending on whether you are using Secret Manager for the first time or not. Upon secret creation, you are prompted to choose a Scaleway-managed encryption key or specify an existing Key Manager key which will encrypt your data. This allows for secure and flexible encryption of your data, compliant with industry standards.

This page explains how to create a secret for the first time using the Scaleway console and how to create a secret if you have already created resources in Secret Manager.

Before you startLink to this anchor

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  1. Click Secret Manager in the Security & Identity section of the Scaleway console side menu.
  2. In the Region drop-down, select the region in which you want to store your secret.
    Important

    Secrets cannot be moved from one region to another after creation.

  3. Click + Create secret.
  4. Add your secret:
    • Choose whether to add your secret manually or import it.
      Note

      The maximum file size for your secret is 64 KiB.

    • Choose a secret type and enter or upload your secret value.
  5. Choose a Key Manager encryption key:
    • Scaleway-managed encryption key: requires no configuration on your side.

    • Manually-managed encryption key: an existing Key Manager key you have previously created.

  6. Choose a path for your secret.
    Important

    A path is the directory structure to access your secrets and their versions. Each path must be prefixed with a slash.

  7. Enter a name for your secret, and, optionally, add a description and tags.
  8. Optionally, click «Toogle Icon» to enable secret protection.
  9. Optionally, click «Toogle Icon» next to Enable single access or Enable Time to Live to apply an ephemeral policy to your secret and its versions.
    Important
    • Single access: allows you to set your secret versions to expire after one single access.
    • Time to Live: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
    • The ephemeral policy can only be applied to a secret at creation, and cannot be removed once applied.
    • Once applied to a secret, the ephemeral policy’s settings will be applied to all the secret’s versions (even those created subsequently).
  10. Check the estimated cost and click Create secret to confirm. The Overview tab of your secret displays with information such as the region of your secret, its encryption key, the secret’s ID, etc.
    Note
    • The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out how to add more versions to your secret.
    • Your path and secret are created on the go.
See also
How to manage a secret
Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2025 – Scaleway