


# Secrets management
<a name="secrets-management"></a>

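Research and Engineering Studio maintains the following secrets using AWS Secrets Manager. RES creates secrets automatically during environment creation. Secrets entered by the administrator during environment creation are entered as parameters.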


| Secret name | Description | RES generated | Admin entered |
| --- | --- | --- | --- |
| `<envname>-sso-client-secret` | Single Sign-On OAuth2 client secret for the environment | ✓ |  |
| `<envname>-vdc-client-secret` | VDC ClientSecret | ✓ |  |
| `<envname>-vdc-client-id` | VDC ClientId | ✓ |  |
| `<envname>-vdc-gateway-certificate-private-key` | Self-signed certificate private key for the domain | ✓ |  |
| `<envname>-vdc-gateway-certificate-certificate` | Self-signed certificate for the domain | ✓ |  |
| `<envname>-cluster-manager-client-secret` | cluster-manager ClientSecret | ✓ |  |
| `<envname>-cluster-manager-client-id` | cluster-manager ClientId | ✓ |  |
| `<envname>-external-private-key` | Self-signed certificate private key for the domain | ✓ |  |
| `<envname>-external-certificate` | Self-signed certificate for the domain | ✓ |  |
| `<envname>-internal-private-key` | Self-signed certificate private key for the domain | ✓ |  |
| `<envname>-internal-certificate` | Self-signed certificate for the domain | ✓ |  |
| `<envname>-directoryservice-ServiceAccountUserDN` | The Distinguished Name (DN) attribute of the ServiceAccount user. | ✓ |  |

The following secret ARN values are contained in the `<envname>-cluster-settings` table in DynamoDB:


| Key | Source |
| --- | --- |
| `identity-provider.cognito.sso_client_secret` |  |
| `vdc.dcv_connection_gateway.certificate.certificate_secret_arn` | stack |
| `vdc.dcv_connection_gateway.certificate.private_key_secret_arn` | stack |
| `cluster.load_balancers.internal_alb.certificates.private_key_secret_arn` | stack |
| `directoryservice.root_username_secret_arn` |  |
| `vdc.client_secret` | stack |
| `cluster.load_balancers.external_alb.certificates.certificate_secret_arn` | stack |
| `cluster.load_balancers.internal_alb.certificates.certificate_secret_arn` | stack |
| `directoryservice.root_password_secret_arn` |  |
| `cluster.secretsmanager.kms_key_id` |  |
| `cluster.load_balancers.external_alb.certificates.private_key_secret_arn` | stack |
| `cluster-manager.client_secret` |  |