


# Secrets management
<a name="secrets-management"></a>

Research and Engineering Studio uses the following secrets, which are maintained in AWS Secrets Manager. RES creates the secrets automatically during environment creation. Secrets that the administrator enters during environment creation are provided as parameter inputs.


| Secret name | Description | RES generated | Admin entered |
| --- | --- | --- | --- |
| `<envname>-sso-client-secret` | Environment single sign-on OAuth2 client secret | ✓ |  |
| `<envname>-vdc-client-secret` | VDC ClientSecret | ✓ |  |
| `<envname>-vdc-client-id` | VDC ClientId | ✓ |  |
| `<envname>-vdc-gateway-certificate-private-key` | Self-signed certificate private key for the domain | ✓ |  |
| `<envname>-vdc-gateway-certificate-certificate` | Self-signed certificate for the domain | ✓ |  |
| `<envname>-cluster-manager-client-secret` | Cluster manager ClientSecret | ✓ |  |
| `<envname>-cluster-manager-client-id` | Cluster manager ClientId | ✓ |  |
| `<envname>-external-private-key` | Self-signed certificate private key for the domain | ✓ |  |
| `<envname>-external-certificate` | Self-signed certificate for the domain | ✓ |  |
| `<envname>-internal-private-key` | Self-signed certificate private key for the domain | ✓ |  |
| `<envname>-internal-certificate` | Self-signed certificate for the domain | ✓ |  |
| `<envname>-directoryservice-ServiceAccountUserDN` | Distinguished name (DN) attribute of the ServiceAccount user. | ✓ |  |

The `<envname>-cluster-settings` table in DynamoDB contains the following secret ARN values:


| Key | Source |
| --- | --- |
| identity-provider.cognito.sso_client_secret |  |
| vdc.dcv_connection_gateway.certificate.certificate_secret_arn | Stack |
| vdc.dcv_connection_gateway.certificate.private_key_secret_arn | Stack |
| cluster.load_balancers.internal_alb.certificates.private_key_secret_arn | Stack |
| directoryservice.root_username_secret_arn |  |
| vdc.client_secret | Stack |
| cluster.load_balancers.external_alb.certificates.certificate_secret_arn | Stack |
| cluster.load_balancers.internal_alb.certificates.certificate_secret_arn | Stack |
| directoryservice.root_password_secret_arn |  |
| cluster.secretsmanager.kms_key_id |  |
| cluster.load_balancers.external_alb.certificates.private_key_secret_arn | Stack |
| cluster-manager.client_secret |  |
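The two tables above give an administrator everything needed for a routine inventory check: the secret names RES should have generated for an environment, and the cluster-settings keys whose values point at those secrets by ARN. The following script is an added example (not part of the RES documentation or code base) that performs that check offline. It builds the expected secret names from the first table, reports which are missing from a listing of the account's secrets and which extra secrets carry the environment prefix, and resolves every cluster-settings value that is a Secrets Manager ARN back to a secret name. The input records are constructed inline in the shape returned by boto3 (`list_secrets()` entries with `Name` and `ARN`; DynamoDB items with `key` and `value`); the environment name `res-demo`, the account ID and the ARN suffixes are placeholders. The ARN layout it parses (`arn:<partition>:secretsmanager:<region>:<account>:secret:<name>-<6 random characters>`) is the documented Secrets Manager format.

```python
"""Offline inventory check for the per-environment secrets RES keeps in AWS
Secrets Manager and the secret ARNs stored in <envname>-cluster-settings.
Added example; sample data is constructed, not taken from a real account."""
import re

# Suffixes of the secrets RES generates for every environment (first table above).
RES_GENERATED_SUFFIXES = (
    "sso-client-secret",
    "vdc-client-secret",
    "vdc-client-id",
    "vdc-gateway-certificate-private-key",
    "vdc-gateway-certificate-certificate",
    "cluster-manager-client-secret",
    "cluster-manager-client-id",
    "external-private-key",
    "external-certificate",
    "internal-private-key",
    "internal-certificate",
    "directoryservice-ServiceAccountUserDN",
)

# Secrets Manager appends "-" plus six random characters to the secret name in the ARN.
# The greedy name group backtracks so the rightmost "-XXXXXX" is treated as the suffix.
SECRET_ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):secretsmanager:(?P<region>[^:]*):(?P<account>\d{12})"
    r":secret:(?P<name>.+)-[A-Za-z0-9]{6}$"
)


def expected_secret_names(envname):
    """Return the full names of the secrets RES generates for this environment."""
    return [f"{envname}-{suffix}" for suffix in RES_GENERATED_SUFFIXES]


def audit_secrets(envname, listed_secrets):
    """Compare the account's secrets with the RES-generated set.

    listed_secrets: records with a "Name" field, as in list_secrets()["SecretList"].
    Returns (missing, unexpected): expected names that are absent, and names that
    carry the environment prefix but are not in the documented set.
    """
    present = {s["Name"] for s in listed_secrets}
    expected = set(expected_secret_names(envname))
    prefix = f"{envname}-"
    unexpected = {n for n in present if n.startswith(prefix)} - expected
    return sorted(expected - present), sorted(unexpected)


def secret_name_from_arn(arn):
    """Extract the secret name from a Secrets Manager secret ARN."""
    match = SECRET_ARN_RE.match(arn)
    if not match:
        raise ValueError(f"not a Secrets Manager secret ARN: {arn}")
    return match.group("name")


def resolve_setting_arns(settings_items):
    """Map each cluster-settings key whose value is a secret ARN to the secret name.

    Values that are not secret ARNs (for example cluster.secretsmanager.kms_key_id,
    which holds a KMS key ID) are skipped rather than treated as errors.
    """
    resolved = {}
    for item in settings_items:
        value = item.get("value") or ""
        if SECRET_ARN_RE.match(value):
            resolved[item["key"]] = secret_name_from_arn(value)
    return resolved


def _arn(name, suffix="AbCdEf"):
    """Build a constructed secret ARN for the sample data (placeholder account ID)."""
    return f"arn:aws:secretsmanager:us-east-1:111122223333:secret:{name}-{suffix}"


# Constructed sample: every generated secret except the ServiceAccount DN, plus one
# stray secret that uses the environment prefix but is not in the documented set.
SAMPLE_SECRETS = [
    {"Name": n, "ARN": _arn(n)}
    for n in expected_secret_names("res-demo")
    if not n.endswith("ServiceAccountUserDN")
]
SAMPLE_SECRETS.append({"Name": "res-demo-legacy-token", "ARN": _arn("res-demo-legacy-token")})

# Constructed sample of cluster-settings items (keys from the second table above).
SAMPLE_SETTINGS = [
    {"key": "vdc.client_secret", "value": _arn("res-demo-vdc-client-secret")},
    {"key": "cluster.load_balancers.external_alb.certificates.certificate_secret_arn",
     "value": _arn("res-demo-external-certificate")},
    {"key": "cluster.secretsmanager.kms_key_id", "value": "1234abcd-12ab-34cd-56ef-1234567890ab"},
]

if __name__ == "__main__":
    missing, unexpected = audit_secrets("res-demo", SAMPLE_SECRETS)
    print("missing:", missing)
    print("unexpected:", unexpected)
    for key, name in resolve_setting_arns(SAMPLE_SETTINGS).items():
        print(f"{key} -> {name}")
```

Against a live environment, replace `SAMPLE_SECRETS` with the paginated output of `secretsmanager:ListSecrets` and `SAMPLE_SETTINGS` with a scan of the `<envname>-cluster-settings` table; the caller needs only list and read permissions, never `GetSecretValue`, because the check works on names and ARNs alone. A secret reported as missing, or a cluster-settings ARN that resolves to a name outside the generated set, is worth investigating before users hit authentication or certificate errors.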