> ## Documentation Index
> Fetch the complete documentation index at: https://docs.xloud.tech/llms.txt
> Use this file to discover all available pages before exploring further.
# Key Manager
> Securely store and manage secrets, certificates, and encryption keys in your Xloud private cloud with Xloud Key Manager — enterprise key management as a.
Centralized, secure secret and certificate management for your entire Xloud cloud infrastructure.
Product details and datasheet on xloud.tech
***
Xloud Key Manager
Store secrets and credentials, manage certificate containers, issue certificate orders, and configure access control lists for your Xloud Key Manager resources.
Configure secret store backends, manage transport keys, enforce quotas, and apply security hardening policies for the Key Manager service.
`openstack secret` commands for managing secrets, containers, orders, and ACLs from the command line.
Store TLS certificates in Key Manager and reference them directly from Load Balancer HTTPS listeners for centralized certificate lifecycle management.
***
Key Features
Securely store passwords, API keys, encryption keys, and arbitrary binary secrets. All secrets are encrypted at rest using the configured backend store.
Store and manage TLS/SSL certificates with their associated private keys and certificate chains. Reference directly from Load Balancer and other services.
Fine-grained ACLs control which users and projects can read or manage each secret. Delegate access without exposing credentials.
Automate certificate issuance through configured Certificate Authority plugins. Track order status and retrieve issued certificates programmatically.
Client-side secret encryption using transport keys prevents secrets from ever appearing in plaintext on the network — even during upload.
Plug in industry-standard backends including local encryption, hardware security modules (HSMs), and KMIP-compliant key management appliances.
***
Key Manager Components
| Component | Description |
| ------------- | ------------------------------------------------------------------------------------------------ |
| Secret | An encrypted payload — passwords, API keys, certificates, private keys, or arbitrary binary data |
| Container | A named grouping of related secrets (e.g., a certificate + private key + CA chain) |
| Order | An asynchronous request to generate or issue a key or certificate via a CA plugin |
| Transport Key | An asymmetric key pair used to encrypt secrets client-side before transmission |
| ACL | Access Control List defining per-user and per-project read/write permissions on a secret |
| Secret Store | The backend encryption provider (simple crypto, PKCS#11 HSM, KMIP) |
***
Related Services
Reference TLS certificate containers in HTTPS listener configuration
Encrypt instance storage volumes with keys managed in Key Manager
Store DNSSEC signing keys as secrets for automated zone signing
Server-side encryption of object containers with customer-managed keys
RBAC policies and trust delegation for Key Manager resource access
Volume encryption using keys managed and rotated through Key Manager
***
Getting Started
Configure Dashboard access and CLI credentials before working with Key Manager
Step-by-step instructions for storing your first secret