Important
Secrets cannot be moved from one region to another after creation.
How to create secrets with Secret Manager
Reviewed on 17 June 2025 • Published on 21 February 2023
The secret creation process slightly differs depending on whether you are using Secret Manager for the first time or not. Upon secret creation, you are prompted to choose a Scaleway-managed encryption key or specify an existing Key Manager key which will encrypt your data. This allows for secure and flexible encryption of your data, compliant with industry standards.
This page explains how to create a secret for the first time using the Scaleway console and how to create a secret if you have already created resources in Secret Manager.
Before you startLink to this anchor
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- Click Secret Manager in the Security & Identity section of the Scaleway console side menu.
- In the Region drop-down, select the region in which you want to store your secret.
- Click + Create secret.
- Add your secret:
- Choose whether to add your secret manually or import it.
Note
The maximum file size for your secret is 64 KiB.
- Choose a secret type and enter or upload your secret value.
- Choose whether to add your secret manually or import it.
- Choose a Key Manager encryption key:
-
Scaleway-managed encryption key: requires no configuration on your side.
-
Manually-managed encryption key: an existing Key Manager key you have previously created.
-
- Choose a path for your secret.
- Enter a name for your secret, and, optionally, add a description and tags.
- Optionally, click «Toogle Icon» to enable secret protection.
- Optionally, click «Toogle Icon» next to Enable single access or Enable Time to Live to apply an ephemeral policy to your secret and its versions.
Important
- Single access: allows you to set your secret versions to expire after one single access.
- Time to Live: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
- The ephemeral policy can only be applied to a secret at creation, and cannot be removed once applied.
- Once applied to a secret, the ephemeral policy’s settings will be applied to all the secret’s versions (even those created subsequently).
- Check the estimated cost and click Create secret to confirm. The Overview tab of your secret displays with information such as the region of your secret, its encryption key, the secret’s ID, etc.
Note
- The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out how to add more versions to your secret.
- Your path and secret are created on the go.
- Click Secret Manager in the Security and Identity section of the Scaleway console side menu.
- Select your desired region in the Region drop-down.
Important
Secrets cannot be moved from one region to another after creation.
- Click + Create secret.
- Add your secret:
- Choose whether to add your secret manually or import it from a file.
Note
The maximum file size for your secret is 64 KiB.
- Choose a secret type and enter or upload your secret value.
- Choose whether to add your secret manually or import it from a file.
- Choose a Key Manager encryption key:
-
Scaleway-managed encryption key: requires no configuration on your side.
-
Manually-managed encryption key: an existing Key Manager key you have previously created.
-
- Choose a path for your secret:
-
Enter an existing path.
-
Create a new path. The path name must be prefixed with a slash.
-
- Enter a name for your secret, and, optionally, add a description and tags.
- Optionally, click «Toogle Icon» to enable secret protection.
- Optionally, click «Toogle Icon» next to Enable single access or Enable Time to Live to apply an ephemeral policy to your secret and its versions.
Important
- Single access: allows you to set your secret versions to expire after one single access.
- Time to Live: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
- The ephemeral policy can only be applied to a secret at creation, and cannot be removed once applied.
- Once applied to a secret, the ephemeral policy’s settings will be applied to all the secret’s versions (even those created subsequently).
- Click Create secret. The Overview tab of your secret displays with information such as the region of your secret, its encryption key, the secret’s ID, etc.
Note
- The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out how to add more versions to your secret.
- If you have created a path that did not exist yet, your path and secret are created on the go.
Was this page helpful?