<p class="shortdesc">The password safe can provide secure and reliable management for the sensitive data used in your application system. </p> <section class="section context" id="crtsafe__context_qxg_hfw_jlb"><div class="tasklabel"><h2 class="doc-tairway">About this task</h2></div> <p class="p">When you create a password safe, you can import your sensitive data into it. In subsequent use, you need to call the API provided by KMS to get the sensitive data. In this way, you can store your sensitive date securely and have uninterrupted access to it. Using a password safe increases the security of your data. </p> <p class="p">The following instructions describe how to get your passwords in the password safe using an API: </p> <ul class="ul" id="crtsafe__ul_hgb_3fw_jlb"> <li class="li"> <p class="p"><strong class="ph b">Business Engagement</strong></p> <p class="p">Each application accessing KMS has its own appId and appKey, which are used for identification, signing and encryption. </p> </li> <li class="li"> <p class="p"><strong class="ph b">Signature Algorithm</strong></p> <p class="p">KMS only supports the SHA256 signature algorithm: SHA256 (appId & appKey & requestTime), where the appKey is a 16-bit string randomly generated in advance in KMS and sent to you. </p> <p class="p">For example: </p> <p class="p">SHA256(APP_KMS_koZvZIHO&LzcI824P243Bt48F&20180914102400000) returns BB709E71FAE436B46BCECF71B6A1F1E559988320018198B468F49AD3FBA1702B. </p> <p class="p">In the string, the character & is a part that requires encryption. </p> </li> <li class="li"> <p class="p"><strong class="ph b">Encryption Algorithm</strong></p> <p class="p">A plaintext password is encrypted by the corresponding appKey of its appId using AES 128 before output. KMS only supports AES encryption in ECB and CBC modes. You need to decrypt the ciphertext password before using it. </p> </li> </ul> </section> <section id="crtsafe__steps_odn_mfw_jlb"><div class="tasklabel"><h2 class="doc-tairway">Procedure</h2></div><ol class="ol steps" id="crtsafe__steps_odn_mfw_jlb"><li class="li step stepexpand"> <span class="ph cmd">Log in to the <a class="xref" href="https://pinganyun.com/console/kms" target="_blank">Key Management Service Console </a>. </span> </li><li class="li step stepexpand" id="crtsafe__step_vgp_cth_flb"> <span class="ph cmd">In the left navigation pane, click <span class="ph menucascade"><span class="ph uicontrol">Password Safe </span><abbr title="and then"> > </abbr><span class="ph uicontrol">Managed Password Management</span></span>. </span> </li><li class="li step stepexpand"> <span class="ph cmd"> On the <span class="keyword wintitle">Managed password management </span>page, click <span class="ph uicontrol">+Create KeyChain </span>in the upper-right corner of the page. </span> <div class="itemgroup info"> <img class="image" id="crtsafe__image_wn1_5fw_jlb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20200807112324-14056683998b.png" width="750"> <ul class="ul" id="crtsafe__ul_nbm_vfw_jlb"> <li class="li"><span class="ph uicontrol">Chinese Name</span>: Chinese name for the password safe. </li> <li class="li"><span class="ph uicontrol">English Name</span>: English name for the password safe. </li> <li class="li"><span class="ph uicontrol">Hosted Account</span>: Account that needs to be managed. </li> <li class="li"><span class="ph uicontrol">Hosted Password</span>: Password of the account that needs to be managed. </li> <li class="li"><span class="ph uicontrol">Confirm</span>: Confirm the password. </li> <li class="li"><span class="ph uicontrol">Encryption Method</span>: KMS supports RSA and SM2 encryption algorithms. </li> <li class="li"><span class="ph uicontrol">Selected Zone</span>: Select the region where you create the password safe. </li> <li class="li"><span class="ph uicontrol">KeyChain Description</span>: Description for the password safe. </li> </ul> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Click <span class="ph uicontrol">Confirm</span>. </span> </li></ol></section> <section class="section result" id="crtsafe__result_izb_yfw_jlb"><div class="tasklabel"><h2 class="doc-tairway">Results</h2></div> <p class="p">The newly created password safe is displayed on the list of password safes. Click <img class="image" id="crtsafe__image_b2q_3gw_jlb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20200807112324-129774d29fc7.png"> to view the password safe key. </p> <img class="image" id="crtsafe__image_yvb_bgw_jlb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20200807112324-1a87f79991a4.png" width="750"> </section>