Skip to main content

Overview

Key Manager quotas prevent individual projects from creating excessive secrets, containers, or orders. Default values are set platform-wide; administrators override them per project.
Administrator Access Required — This operation requires the admin role. Contact your Xloud administrator if you do not have sufficient permissions.

Default Quota Reference

ResourceDefault LimitDescription
secrets20Secrets per project
orders20Certificate orders per project
containers20Containers per project
consumers20Service consumers per container
cas10Certificate Authority configurations per project

View Quotas

Show platform-wide quota defaults
openstack secret quota show

Set Quotas

Set project-specific Key Manager quotas
openstack secret quota set \
  --secrets 100 \
  --orders 50 \
  --containers 50 \
  <project-id>
Reset to platform defaults
openstack secret quota delete <project-id>
Production projects running automated certificate rotation or large service meshes may require secrets quotas in the hundreds. Monitor usage quarterly to right-size quota allocations.

Monitor Quota Usage

Count secrets in a project
openstack secret list --project <project-id> | wc -l
Count containers in a project
openstack secret container list --project <project-id> | wc -l

Next Steps

Security

Apply Key Manager security hardening policies

Backend Configuration

Configure the underlying secret store backend

Admin Troubleshooting

Diagnose quota-related errors and service issues

Key Manager User Guide

User-facing secret and container management