NavigationContentFooter
Jump toSuggest an edit
Was this page helpful?

Quickstart

Reviewed on 06 February 2025Published on 06 February 2025

Scaleway’s Key Manager allows you to create key encryption keys from the Scaleway console. Key encryption keys can then be used to encrypt and decrypt your encrypted data.

Before you startLink to this anchor

To complete the actions presented below, you must have:

  • A Scaleway account logged into the console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization

How to create a Key Manager keyLink to this anchor

  1. Click Key Manager in the Security and Identity section of the Scaleway console side menu.

  2. Click + Create key.

  3. Choose the region in which you want to create your key.

  4. Enter a name, a description, and optional tags for your key.

  5. Select the encryption method for your key.

    Important

    Key Manager currently only supports the AES-256 GCM symmetric encryption algorithm.

  6. Switch the «Toogle Icon» icon to disable key protection or leave it enabled.

    Note

    Key protection allows you to protect your key from accidental deletion.

  7. Click Create key. Your key’s Overview page displays.

How to create and manage a data encryption key (DEK)Link to this anchor

  1. Click Key Manager in the Security and Identity section of the Scaleway console side menu. Your keys display.

  2. Click the key for which to create a data encryption key.

  3. Scroll down to the Create data encryption key section.

  4. Click Create data encryption key. A pop-up displays with the ciphertext of your DEK.

  5. Copy and store your DEK’s ciphertext safely.

    Important
    • We recommend that you always store the ciphertext of your data encryption key rather than its plaintext.
    • While Scaleway Key Manager is responsible for generating, encrypting, and decrypting data encryption keys, it does not store, manage, or monitor them, nor does it engage in cryptographic operations with these keys. You must use and manage data encryption keys outside of Key Manager.
    • Read our documentation to understand Key Manager.

  6. Optionally, click Display plaintext to make sure that the plaintext does not contain any mistakes.

    What is the difference between ciphertext and plaintext?

    Ciphertext refers to data that has been encrypted using a cryptographic algorithm and a key. Ciphertext can be encrypted on the client side as long as the encryption key used for encryption is safely stored (in a Key Manager, for example). Unlike plaintext, ciphertext is not human-readable and cannot be understood or used without first decrypting it with the appropriate decryption key.

    Plaintext refers to unencrypted, readable data. In the context of key management, plaintext often refers to cryptographic keys or sensitive data that are stored or transmitted in an unencrypted form. This term is often used in contrast to ciphertext, which is data that has been encrypted and is not readable without decryption.

  7. Click Close.

    Important

    You are responsible for storing your DEKS, as Key Manager does not store them for you.

Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2025 – Scaleway