docs(add): encryption key step

nerda-codes · nerda-codes · commit e7ca23198d08 · 2025-06-19T17:55:17.000+02:00
diff --git a/pages/secret-manager/how-to/create-secret.mdx b/pages/secret-manager/how-to/create-secret.mdx
@@ -7,13 +7,15 @@ content:
   paragraph: Discover how to efficiently create secrets using Scaleway's Secret Manager. Follow these step-by-step instructions whether you are setting up your first secret or adding more to your existing resources.
 tags: secret sensitive-data storage-system secret-type
 dates:
-  validation: 2025-01-13
+  validation: 2025-06-17
   posted: 2023-02-21
 categories:
   - identity-and-access-management
 ---
 
-The [secret](/secret-manager/concepts/#secret) creation process slightly differs depending on whether you are using Secret Manager for the first time or not. This page explains how to create a [secret](/secret-manager/concepts/#secret) for the first time using the [Scaleway console](https://console.scaleway.com) and how to create a secret if you have already created resources in Secret Manager.
+The [secret](/secret-manager/concepts/#secret) creation process slightly differs depending on whether you are using Secret Manager for the first time or not. Upon secret creation, you are prompted to choose a Scaleway-managed encryption key or specify an existing [Key Manager](/key-manager) key which will encrypt your data. This allows for secure and flexible encryption of your data, compliant with industry standards.
+
+This page explains how to create a [secret](/secret-manager/concepts/#secret) for the first time using the [Scaleway console](https://console.scaleway.com) and how to create a secret if you have already created resources in Secret Manager.
 
 <Macro id="requirements" />
 
@@ -22,70 +24,75 @@ The [secret](/secret-manager/concepts/#secret) creation process slightly differs
 
 <Tabs id="install">
   <TabsTab label="Create your first secret">
+      1. Click **Secret Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu.
+      2. In the **Region** drop-down, select the [region](/secret-manager/concepts/#region) in which you want to store your secret.
+          <Message type="important">
+          Secrets cannot be moved from one region to another after creation.
+          </Message>
+      3. Click **+ Create secret**.
+      4. Add your secret:
+          - Choose whether to add your secret manually or import it.
+              <Message type="note">
+              The maximum file size for your secret is 64 KiB.
+              </Message>
+          - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value.
+      5. Choose a Key Manager encryption key:
+          - Scaleway-managed encryption key: requires no configuration on your side.
 
-
-    1. Click **Secret Manager** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu.
-    2. Click **+ Create secret**.
-    3. Choose the [region](/secret-manager/concepts/#region) in which you want to create your secret.
+          - Manually-managed encryption key: an existing [Key Manager](/key-manager) key you have previously created.
+      6. Choose a [path](/secret-manager/concepts/#path) for your secret.
           <Message type="important">
-           Secrets cannot be moved from one region to another after creation.
+          A [path](/secret-manager/concepts/#path) is the directory structure to access your secrets and their [versions](/secret-manager/concepts/#version). Each path **must be prefixed** with a slash.
           </Message>
-    4. Add your secret:
-        - Choose whether to add your secret manually or import it from a file.
-            <Message type="note">
-            The maximum file size for your secret is 64 KiB.
-            </Message>
-        - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value.
-    5. Create a [path](/secret-manager/concepts/#path) in which to store your secret. The path name **must be prefixed** with a slash.
-    6. Enter a name for your secret and add optional tags.
-    7. Optionally, click <Icon name="toggle" /> to enable [secret protection](/secret-manager/concepts/#secret-protection).
-    8. Optionally, click <Icon name="toggle" /> next to **Single access** or **Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions.
+      7. Enter a name for your secret, a description, and optional tags.
+      8. Optionally, click <Icon name="toggle" /> to enable [secret protection](/secret-manager/concepts/#secret-protection).
+      9. Optionally, click <Icon name="toggle" /> next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions.
           <Message type="important">
-           - **Single access**: allows you to set your secret versions to **expire after one single access**.
-           - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
-           - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied.
-           - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions, even those created subsequently.
+          - **Single access**: allows you to set your secret versions to **expire after one single access**.
+          - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
+          - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied.
+          - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently).
+          </Message>
+      10. Check the estimated cost and click **Create secret** to confirm. The **Overview** tab of your secret displays with information such as the region of your secret, its encryption key, the secret's ID, etc.
+          <Message type="note">
+          - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret.
+          - Your path and secret are created on the go.
           </Message>
-    9. Click **Create secret**. The **Overview** tab of your secret displays.
-
-      <Message type="note">
-       - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret.
-       - Your path and secret are created on the go.
-      </Message>
-
   </TabsTab>
   <TabsTab label="Create more secrets">
-    1. Click **Secret Manager** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu.
-    2. Select your desired [region](/secret-manager/concepts/#region) in the **Region** drop-down.
-          <Message type="important">
-           Secrets cannot be moved from one region to another after creation.
-          </Message>
-    3. Click **+ Create secret**.
-    4. Add your secret:
-        - Choose whether to add your secret manually or import it from a file.
+      1. Click **Secret Manager** in the **Security and Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu.
+      2. Select your desired [region](/secret-manager/concepts/#region) in the **Region** drop-down.
+            <Message type="important">
+            Secrets cannot be moved from one region to another after creation.
+            </Message>
+      3. Click **+ Create secret**.
+      4. Add your secret:
+          - Choose whether to add your secret manually or import it from a file.
             <Message type="note">
             The maximum file size for your secret is 64 KiB.
             </Message>
-        - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value.
-    5. Choose a [path](/secret-manager/concepts/#path) for your secret:
-        - Enter an existing [path](/secret-manager/concepts/#path).
-        - Create a new path. The path name **must be prefixed** with a slash.
-    6. Enter a name for your secret and add optional tags.
-    7. Optionally, click <Icon name="toggle" /> to enable [secret protection](/secret-manager/concepts/#secret-protection).
-    8. Optionally, click <Icon name="toggle" /> next to **Single access** or **Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions.
+          - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value.
+      5. Choose a Key Manager encryption key:
+          - Scaleway-managed encryption key: requires no configuration on your side.
+
+          - Manually-managed encryption key: an existing Key Manager key you have previously created.
+      6. Choose a [path](/secret-manager/concepts/#path) for your secret:
+          - Enter an existing [path](/secret-manager/concepts/#path).
+
+          - Create a new path. The path name **must be prefixed** with a slash.
+      7. Enter a name for your secret, a description, and optional tags.
+      8. Optionally, click <Icon name="toggle" /> to enable [secret protection](/secret-manager/concepts/#secret-protection).
+      9. Optionally, click <Icon name="toggle" /> next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions.
           <Message type="important">
-           - **Single access**: allows you to set your secret versions to **expire after one single access**.
-           - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
-           - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied.
-           - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently).
+            - **Single access**: allows you to set your secret versions to **expire after one single access**.
+            - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
+            - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied.
+            - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently).
+          </Message>
+      10. Click **Create secret**. The **Overview** tab of your secret displays with information such as the region of your secret, its encryption key, the secret's ID, etc.
+          <Message type="note">
+           - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret.
+           - If you have created a path that did not exist yet, your path and secret are created on the go.
           </Message>
-    9. Click **Create secret**. The **Overview** tab of your secret displays.
-        <Message type="note">
-         - The value of your secret is stored in its first version, which is enabled by default. At creation, your secret only has one version. Find out [how to add more versions](/secret-manager/how-to/create-version/) to your secret.
-         - If you have created a path that did not exist yet, your path and secret are created on the go.
-       </Message>
-
   </TabsTab>
 </Tabs>
-
-
diff --git a/pages/secret-manager/quickstart.mdx b/pages/secret-manager/quickstart.mdx
@@ -6,11 +6,13 @@ content:
   h1: Secret Manager - Quickstart
   paragraph: Learn how to quickly set up and manage secrets with Scaleway's Secret Manager. Follow our step-by-step guide to create secrets, define paths, and add versions effortlessly.
 dates:
-  validation: 2025-06-13
+  validation: 2025-06-17
   posted: 2023-02-21
 ---
 
-In this quickstart, we show you how to create a [secret](/secret-manager/concepts/#secret) within a [path](/secret-manager/concepts/#path), and how to add [versions](/secret-manager/concepts/#version) to your newly-created secret.
+Upon secret creation, you are prompted to choose a Scaleway-managed encryption key or specify an existing [Key Manager](/key-manager) key which will encrypt your data. This allows for secure and flexible encryption of your data, compliant with industry standards.
+
+In this quickstart, we show you how to create a [secret](/secret-manager/concepts/#secret) within a [path](/secret-manager/concepts/#path), how to add an existing or a new [Key Manager](/key-manager) key. Then we show you how to add [versions](/secret-manager/concepts/#version) to your newly-created secret.
 
 ## Console overview
 Discover the Secret Manager interface on the Scaleway console.
@@ -24,31 +26,34 @@ Discover the Secret Manager interface on the Scaleway console.
 ## How to create a secret
 
 1. Click **Secret Manager** in the **Security & Identity** section of the [Scaleway console](https://console.scaleway.com/) side menu.
-2. Click **+ Create secret**.
-3. Choose the [region](/secret-manager/concepts/#region) in which you want to store your secret.
+2. In the **Region** drop-down, select the [region](/secret-manager/concepts/#region) in which you want to store your secret.
     <Message type="important">
      Secrets cannot be moved from one region to another after creation.
     </Message>
+3. Click **+ Create secret**.
 4. Add your secret:
-    - Choose whether to add your secret manually or import it from a file.
+    - Choose whether to add your secret manually or import it.
         <Message type="note">
          The maximum file size for your secret is 64 KiB.
         </Message>
     - Choose a [secret type](/secret-manager/concepts/#secret-types) and enter or upload your secret value.
-5. Choose a [path](/secret-manager/concepts/#path) for your secret.
+5. Choose a Key Manager encryption key:
+    - Scaleway-managed encryption key: requires no configuration on your side.
+    - Manually-managed encryption key: an existing Key Manager key you have previously created.
+6. Choose a [path](/secret-manager/concepts/#path) for your secret.
     <Message type="important">
       A [path](/secret-manager/concepts/#path) is the directory structure to access your secrets and their [versions](/secret-manager/concepts/#version). Each path **must be prefixed** with a slash.
     </Message>
-6. Enter a name for your secret and add tags (optional).
-7. Optionally, click <Icon name="toggle" /> to enable [secret protection](/secret-manager/concepts/#secret-protection).
-8. Optionally, click <Icon name="toggle" /> next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions.
+7. Enter a name for your secret and add tags (optional).
+8. Optionally, click <Icon name="toggle" /> to enable [secret protection](/secret-manager/concepts/#secret-protection).
+9. Optionally, click <Icon name="toggle" /> next to **Enable single access** or **Enable Time to Live** to apply an [ephemeral policy](/secret-manager/concepts/#ephemeral-policy) to your secret and its versions.
     <Message type="important">
      - **Single access**: allows you to set your secret versions to **expire after one single access**.
      - **Time to Live**: allows you to set a time frame of up to one year, during which your secret versions are valid and accessible.
      - The ephemeral policy can only be applied to a secret at creation, and **cannot be removed** once applied.
      - Once applied to a secret, the ephemeral policy's settings will be applied to all the secret's versions (even those created subsequently).
     </Message>
-9. Check the estimated cost and click **Create secret** to confirm. The **Overview** tab of your secret displays.
+10. Check the estimated cost and click **Create secret** to confirm. The **Overview** tab of your secret displays with information such as the region of your secret, its encryption key, the secret's ID, etc.
 
     <Message type="note">
       - You have created a secret on the go. The value of your secret is stored in its first version, which is [enabled](/secret-manager/concepts/#enabling-a-version) by default. At creation, your secret only has one version. Keep reading our quickstart to find out how to add more versions to your secret.
