Overview
Xloud Key Manager provides a centralized, encrypted store for secrets, certificates, and cryptographic keys used across your private cloud. Secrets stored in Key Manager are encrypted at rest and access-controlled independently of the resources that consume them.
Prerequisites
- An active Xloud account with appropriate permissions
- Access to the Xloud Dashboard (https://connect.<your-domain>) or CLI configured with credentials
- API credentials sourced (source admin-openrc.sh)
Secrets stored in Key Manager are encrypted at rest. The secret payload is never
logged, echoed in API responses after creation, or exposed in plain text outside
of an explicit retrieve operation by an authorized caller.
Topics in This Guide
Store Secrets
Store passwords, API tokens, private keys, and binary payloads with type metadata
Containers
Group related secrets into named bundles — certificate, RSA, and generic types
Certificates
Store externally issued TLS certificates or order new ones through a CA plugin
Access Control (ACL)
Grant per-user or per-project read access to secrets and containers
Troubleshooting
Resolve 403 errors, expired secrets, and Load Balancer TLS container issues
Key Concepts
| Concept | Description |
|---|---|
| Secret | An encrypted payload — passwords, API keys, private keys, certificates, or binary blobs |
| Container | A named group of related secrets — commonly certificate + private key + CA chain |
| Order | An async request to generate a key or issue a certificate through a CA plugin |
| ACL | Per-secret or per-container permission rules for cross-user or cross-project access |
| Transport Key | An RSA public key used to encrypt secrets before upload for zero-plaintext transmission |
Next Steps
Key Manager Admin Guide
Configure secret store backends, transport keys, and quotas
Load Balancer
Use TLS certificate containers in HTTPS listener configuration
DNS User Guide
Configure DNSSEC with signing keys stored in Key Manager
Object Storage
Encrypt object containers with customer-managed keys from Key Manager