Granting encryption key access rights
Updated at February 8, 2024
Management console

- In the management console, select the folder where the key is stored.
- In the list of services, select Key Management Service.
- In the left-hand panel, select Symmetric keys.
- Click the name of the key you need.
- Go to the Access bindings section and click Assign bindings.
- In the window that opens, click Select subject.
- Select the group, user, or service account to be granted access to the key.
- Click Add role and select the required roles.
- Click Save.

CLI

If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

To assign a role for a key:

- To a user:

  yc kms symmetric-key add-access-binding \
    --id <key_ID> \
    --user-account-id <user_ID> \
    --role <role>

  Where:
  --id: Key ID.
  --user-account-id: User ID.
  --role: Role being assigned.

- To a service account:

  yc kms symmetric-key add-access-binding \
    --id <key_ID> \
    --service-account-id <service_account_ID> \
    --role <role>

  Where:
  --id: Key ID.
  --service-account-id: Service account ID.
  --role: Role being assigned.

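As an added example (not part of the Yandex Cloud documentation or tooling), the two commands above can be wrapped in a shell function that picks the right subject flag and refuses any role outside a local allowlist. The function names, the allowlist contents, the ID character check and the DRY_RUN variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Yandex Cloud's own code: assembles the add-access-binding
# command and refuses roles outside a local allowlist.
# ALLOWED_KEY_ROLES is an assumed local policy; adjust it to your own.
ALLOWED_KEY_ROLES="kms.keys.encrypter kms.keys.decrypter kms.keys.encrypterDecrypter"

# role_allowed ROLE -> returns 0 if ROLE is on the allowlist, 1 otherwise
role_allowed() {
  for r in $ALLOWED_KEY_ROLES; do
    [ "$r" = "$1" ] && return 0
  done
  return 1
}

# grant_key_role KEY_ID SUBJECT_TYPE SUBJECT_ID ROLE
# SUBJECT_TYPE is "user" or "service-account".
# Prints the command when DRY_RUN=1 (the default), runs it when DRY_RUN=0.
# Returns 2 on malformed input, 3 on a role that is not allowlisted.
grant_key_role() {
  key_id=$1 subject_type=$2 subject_id=$3 role=$4
  if [ $# -ne 4 ] || [ -z "$key_id" ] || [ -z "$subject_id" ]; then
    echo "usage: grant_key_role KEY_ID user|service-account SUBJECT_ID ROLE" >&2
    return 2
  fi
  case $subject_type in
    user)            subject_flag=--user-account-id ;;
    service-account) subject_flag=--service-account-id ;;
    *) echo "unknown subject type: $subject_type" >&2; return 2 ;;
  esac
  # Assumption: IDs are plain alphanumeric tokens; reject anything else.
  case $key_id$subject_id in
    *[!A-Za-z0-9_-]*) echo "unexpected character in ID" >&2; return 2 ;;
  esac
  if ! role_allowed "$role"; then
    echo "role '$role' is not on the key-level allowlist" >&2
    return 3
  fi
  set -- yc kms symmetric-key add-access-binding \
    --id "$key_id" "$subject_flag" "$subject_id" --role "$role"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "$*"
  else
    "$@"
  fi
}
```

Review the dry-run output first, then call the function with DRY_RUN=0 to apply the binding.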
Warning
If you assign a group, user, or service account a role for a folder or cloud where the key is stored, all permissions of this role will also apply to the key.
For more information, see How access management works.