In addition to common parameters, CloudOps Orchestration Service also supports encrypted parameters. The values stored in such parameters are encrypted by using Key Management Service (KMS). This topic describes how to create, search for, and update encrypted parameters in the parameter store of OOS.
To use encrypted parameters, make sure that the following requirements are met:
KMS is activated. For more information, see Purchase a dedicated KMS instance.
You are granted related permissions on KMS by using Resource Access Management (RAM). For more information, see Use RAM to control access to KMS resources.
Create an encrypted parameter
Log on to the CloudOps Orchestration Service console.
In the left-side navigation pane, click Parameter Store. On the Parameter Store page, click the Encryption Parameters tab, and then click Create Encryption Parameter.
On the Create Encryption Parameter page, configure the required parameters. The following figure shows the parameters.
Enter a parameter name in the Parameter Name field.
Enter a parameter description in the Description field.
Select a KMS key. You can select Default Service CMK or an existing customer master key (CMK). For more information, see Create a CMK.
Enter a value in the Value field.
Add constraints for the value that you enter in the Value field. You can add multiple constraints. Valid values:
Valid Value
Regular Expression
Maximum Length
Minimum Length
Click Create.
Search for encrypted parameters
Log on to the CloudOps Orchestration Service console.
In the left-side navigation pane, click Parameter Store. On the Parameter Store page, click the Encryption Parameters tab, and then click the search box on the right side of Create Encryption Parameter.
In the search box, select one or more search types to search for parameters. The following search types are supported:
Parameter name: If you select Parameter Name, fuzzy match is used.
Path: For example, if the parameter name is /parameter/parameter1/test, /parameter/parameter1/ is the parameter path.
Parameter path recursion: This search type indicates whether the parameter search is recursive. Default value: No. This search type must be used together with Path. If you select Parameter Path Recursion and then select Yes, you can enter /parameter/ to search for multiple parameters that start with /parameter/. The following table describes three parameters and the search results when you search for /group1 in different recursion modes.
Parameter
Recursive
Not recursive
/group1/team2/some_parameter
The parameter can be found.
The parameter cannot be found.
/group1/team1/some_parameter
The parameter can be found.
The parameter cannot be found.
/group1/some_parameter
The parameter can be found.
The parameter can be found.
Update encrypted parameters
Log on to the CloudOps Orchestration Service console.
In the left-side navigation pane, click Parameter Store. On the Parameter Store page, click the Encryption Parameters tab, find the parameter that you want to update, and then click Edit in the Actions column.
On the page that appears, enter a new value in the Value field or enter a parameter description in the Description field.
Click Save.
On the Edit History tab, you can view the history of updates to the encrypted parameter.
ImportantLimits: Only the most recent 10 updates are retained for each encrypted parameter.
Click the Edit History tab and select the Display Parameter Values check box to view the value of the encrypted parameter.