Skip to main content

Secrets & Keys

Use the Vault interface to create, organize, and manage Vault items

The Vault interface allows you to view your secrets, keys, and stored Pangea Tokens in a familiar directory-style view.

Add Vault items

Add a new Vault item by completing these steps:

  1. In the Pangea Cloud interface, click Vault in the left side navigation menu.
  2. Click Secrets & Keys.
  3. Click the + New button.
  4. Select the Vault item type.
  5. A new menu displays. Continue through the menu pages filling in the relevant information.
  6. Click Save or Done after completing the entries.

Based on your selection, you may be asked if you'd like to create a Pangea-generated item or if you'd like to import an item.

You can add the following Vault items:

  • Key (symmetric and asymmetric)
  • Secret
  • Pangea Token

Manage folders

Vault items are organized into folders and subfolders. Folders are defined as part of Vault item creation and editing, with the folder property. Folders can be created by the following methods:

  • Defining a non-existent path for any Vault item
  • Clicking + New and selecting folder on the Secrets & Keys page

For example:

  1. Key1 is in folder /folder1.
  2. To create a new folder, /folder/sub_folder1, select the Secrets & Keys page.
  3. Select Key1 in the Vault items list.
  4. Click the menu icon in the side menu that displays, and select Edit.
  5. Edit the folder property of Key1 to /folder/sub_folder1.

Alternatively, you can create a new folder when adding a Vault item by typing in the desired folder name in the Folder field.

tip

If you edit the folder property of Key1, it will be moved to the designated folder.

note

A folder is removed from the Vault when it no longer contains any Vault items or sub_folders containing Vault items.

Interact with folders

Folder properties can be viewed by single-clicking the folder name. This will cause the right panel to display high-level details of the folder's contents. Folders are opened by double-clicking the folder. This will cause the folder to get added to the breadcrumb navigation above the Vault items table.

Inheritance for auto-rotation

Vault settings, such as Rotate every, Target state, and Grace period, can now be configured as inherited. This means that these settings will take on the values inherited from their parent folder. If the parent folder also employs inheritance, extending all the way to the root folder, the values for the vault item will be determined by the settings at the Vault Root Folder Settings.

The auto-rotation settings can now be configured in various ways:

  • In the item itself: You can directly assign a particular value to an item. For example, Rotate every = 1 Month shows that you configured the Rotate every setting to equal 1 Month, causing the rotation frequency to occur on a monthly basis.

  • In the folder where the item resides: If a setting is marked as inherited in an item, and the folder containing the item has a defined value for that setting, the folder's value takes precedence for the item.

  • In a parent folder: When both the item and its containing folder have inherited settings, but a parent folder also has a value for that setting, the parent folder's value is applied.

  • Using defaults for the item type/purpose: If an item inherits its settings and all the folders along the path to the root also have values inherited, the default setting for that particular item type and purpose is applied.

note

Each item type and purpose combination has its own unique default value.

The settings that can be designated as inherited include Rotate every, Target state, and Grace period.

Inherited settings automatically update when the source value is modified. For example, if you alter the value on a folder, all the items inheriting from that folder will automatically adjust their values accordingly. This same behavior applies when you modify the defaults or move an item to a different folder.

Search feature

The search bar of the Secrets & Keys page allows you to search for keys by partial name.

Clicking the Filter icon on the right side of the search input field will open the Advanced search dialog. Opening this dialog will allow you to narrow your search by:

  • Vault item type
  • Vault item ID
  • Tags
  • Folder

Vault item details

Single-clicking any Vault item will cause the right panel to display the Vault item details. Here you'll see information like purpose, algorithm, rotation policy (if one exists), tags, and metadata.

Disable a Vault item

When viewing Vault item details, you can click the toggle at the top of the right panel to change the enablement state of the selected item. Disabling a Vault item will disable the item and all versions for usage.

Edit a Vault item

Clicking the three-dot menu icon at the top of the right panel will allow you to edit your Vault item. Here you can update metadata, tags, rotation details, etc. You will not be able to modify the Vault item type, purpose, or algorithm.

Retrieve Vault item material

In the case of secrets, Pangea tokens, and asymmetric keys, you may need to retrieve key or secret material. To do this, click the three-dot menu icon at the top of the right panel and then click Copy <material type>.

  • Asymmetric keys
    • Copy public key
  • Secrets
    • Copy secret
  • Pangea Tokens
    • Copy token

Versions

To view all versions of a Vault item, click the Versions tab on the right panel. The displayed listing will show all current and previous versions of the Vault item. Each item will show the version state and an upcoming or previous rotation date when applicable.

Change a version state

Clicking the three-dot menu to the right of the Vault item version will allow you to change the version state. If the version state is changed to Compromised, you must also configure a destruction date.

Was this article helpful?

Contact us