Centralized, secure secret and certificate management for your entire Polystack cloud infrastructure.Documentation Index
Fetch the complete documentation index at: https://docs.polystack.tech/llms.txt
Use this file to discover all available pages before exploring further.
Polystack Key Manager
Product details and datasheet on polystack.tech
Polystack Key Manager
User Guide
Store secrets and credentials, manage certificate containers, issue certificate orders, and configure access control lists for your Polystack Key Manager resources.
Admin Guide
Configure secret store backends, manage transport keys, enforce quotas, and apply security hardening policies for the Key Manager service.
CLI Reference
openstack secret commands for managing secrets, containers, orders, and ACLs from the command line.TLS Integration
Store TLS certificates in Key Manager and reference them directly from Load Balancer HTTPS listeners for centralized certificate lifecycle management.
Key Features
Secret Storage
Securely store passwords, API keys, encryption keys, and arbitrary binary secrets. All secrets are encrypted at rest using the configured backend store.
Certificate Management
Store and manage TLS/SSL certificates with their associated private keys and certificate chains. Reference directly from Load Balancer and other services.
Access Control Lists
Fine-grained ACLs control which users and projects can read or manage each secret. Delegate access without exposing credentials.
Certificate Orders
Automate certificate issuance through configured Certificate Authority plugins. Track order status and retrieve issued certificates programmatically.
Transport Key Encryption
Client-side secret encryption using transport keys prevents secrets from ever appearing in plaintext on the network — even during upload.
Multi-Backend Support
Plug in industry-standard backends including local encryption, hardware security modules (HSMs), and KMIP-compliant key management appliances.
Key Manager Components
| Component | Description |
|---|---|
| Secret | An encrypted payload — passwords, API keys, certificates, private keys, or arbitrary binary data |
| Container | A named grouping of related secrets (e.g., a certificate + private key + CA chain) |
| Order | An asynchronous request to generate or issue a key or certificate via a CA plugin |
| Transport Key | An asymmetric key pair used to encrypt secrets client-side before transmission |
| ACL | Access Control List defining per-user and per-project read/write permissions on a secret |
| Secret Store | The backend encryption provider (simple crypto, PKCS#11 HSM, KMIP) |
Related Services
Polystack Load Balancer
Reference TLS certificate containers in HTTPS listener configuration
Polystack Compute
Encrypt instance storage volumes with keys managed in Key Manager
Polystack DNS
Store DNSSEC signing keys as secrets for automated zone signing
Polystack Object Storage
Server-side encryption of object containers with customer-managed keys
Polystack Identity
RBAC policies and trust delegation for Key Manager resource access
Polystack Block Storage
Volume encryption using keys managed and rotated through Key Manager
Getting Started
Authentication
Configure Dashboard access and CLI credentials before working with Key Manager
User Guide
Step-by-step instructions for storing your first secret