A secret group is a unique secrets vault to which all your secrets are bound. Each secret group has individual access and authorization controls.
Secrets Manager stores your secrets per secret group, per environment and per business group. User access and authorization controls are applied at the environment level. A user who has access on a given environment can access all the secret groups that belong to that environment. Only applications deployed to those specific business groups and environments within your organization can access the secrets stored in each secret group.
Secrets Manager provides both high availability and consistency of stored data, as well as concurrent use functionality for secret renewals. This ensures that all clients use a consistent set of secrets and all users edit the same set of secrets at a given time.
Secrets Manager implements edit sessions every time you edit secrets inside a secret group to guarantee service of a consistent set of secrets. Secrets Manager ensures that operations are not interrupted while you are modifying secrets.
For example, when you edit a secret group, other users are locked out while you edit the necessary security objects inside the secret group.
While the edit session is open, Secrets Manager serves the same secrets it served before you opened the edit session. This guarantees that any redeployed application still sees the same secret group even while you are modifying it.
After you complete your changes, the secret group is updated with all the secrets that Secrets Manager will serve to all applications that are redeployed after that point.
When a user edits a secret group, the name of the user who is currently editing the secret group is displayed. If the user who is editing the secret group leaves the edit session open and is not available to cancel the edit session, you can click the Cancel Edit button to clear that user’s session.
|If you cancel a user’s edit, it deletes all that user’s changes.|