Access Keys (Access Key ID/Secret Access Key) are credentials used to authenticate your identity when accessing certain cloud services via development tools (APIs, SDKs). They cannot be used to log in to the console. The system identifies the user via the AK and verifies the request's signature using the SK. Through encrypted signature verification, the confidentiality and integrity of the request, as well as the authenticity of the requester, are ensured.
Description:
Currently, the cloud services that support access via AK/SK include Object Storage Service (OBS).
If an IAM user cannot log in to the console but needs to use access keys—or if their access keys are lost—an administrator can manage the IAM user's access keys in IAM.
The administrator can click on the user name in the IAM user list to enter the user details page, then select the Security Setting tab on the right to add or delete the user's access keys.
Description:
l The Security Setting feature provided by IAM allows administrators to manage the access keys of IAM users. Access keys can also be managed in My Credentials, which is available to all users who can log in to the console, enabling them to manage their own access keys.
l The access keys of the account and IAM users are separate identity credentials. This means that the account and IAM users can only use their own access keys for API calls.
l Adding and Downloading an Access Key
n Click Create AccessKey.
n If operation protection is enabled, the administrator must enter a verification code or password.
n Click Confirm to generate and download the access key, then provide it to the user.
Description:
Each user can have a maximum of two access keys, which are permanently valid by default. Security Recommendation: To enhance account security, administrators should regularly rotate users' access keys
l Deleting an Access Key
n Click Delete.
n If operation protection is enabled, the administrator must enter a verification code or password.
n Click Confirm.
l Enabling/Disabling an Access Key
The newly created access key is enabled by default. To disable it, follow these steps:
n On the AccessKey tab, click Close next to the access key you want to deactivate.
n If operation protection is enabled, you will need to enter a verification code or password. Then, click Confirm to disable the access key.
Enabling an access key follows a similar process to disabling. Please refer to the steps above.