Key Management System (KMS)
Centralized cryptographic vault for managing app secrets, API keys, and master keys.
The Donutwork KMS is your SaaS's cryptographic vault. It provides a centralized system for storing sensitive credentials, application secrets, and master keys that should never be hard-coded or stored in plain text.
Key Structure
Each KMS entry is designed for programmatic access and high security:
- Handler: A unique alias used by your APIs or scripts to retrieve the key without exposing its actual content.
- Content: The secret value (e.g., Stripe Secret Key, AWS Access Key, or a private certificate).
- Whitelist (Network Isolation): Restricts key usage to specific IP addresses or CIDR ranges. If a request comes from an IP address outside the whitelist, the KMS blocks access even when the credentials are valid.
Security Auditing
Traceability is built into the core of the KMS. Every time a key is read or modified, an Audit Log is generated.
Audit Log Details:
- Requester Identity: Who accessed the key.
- Timestamp: Exactly when the access occurred.
- Source IP: The network origin of the request.
- Outcome: Whether the request was successful or blocked by the whitelist policy.
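A minimal sketch of the whitelist check and the audit record described above, added here as an example; it is not Donutwork's code or API. The function names, the dictionary field names, the in-memory store, and the sample handler, key and addresses are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample entry (hypothetical handler and secret, documentation IP ranges).
SAMPLE_STORE = {
    "stripe-secret": {
        "content": "sk_test_CONSTRUCTED",
        "whitelist": ["203.0.113.10", "198.51.100.0/24"],
    }
}

def ip_allowed(source_ip, whitelist):
    """True if source_ip matches any whitelist entry (single IP or CIDR range)."""
    addr = ipaddress.ip_address(source_ip)
    for entry in whitelist:
        # A bare IP parses as a /32 (IPv4) or /128 (IPv6) network.
        if addr in ipaddress.ip_network(entry, strict=False):
            return True
    # Assumption in this sketch: an empty whitelist allows nothing.
    return False

def read_key(store, handler, requester, source_ip, audit_log):
    """Return the secret for handler, or None if blocked; always log the attempt.

    An unknown handler raises KeyError (not modelled further in this sketch).
    """
    entry = store[handler]
    try:
        allowed = ip_allowed(source_ip, entry["whitelist"])
    except ValueError:
        allowed = False  # malformed address or whitelist entry: fail closed
    # One record per access, carrying the four audit fields listed above.
    audit_log.append({
        "requester": requester,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "source_ip": source_ip,
        "handler": handler,
        "outcome": "success" if allowed else "blocked",
    })
    return entry["content"] if allowed else None

if __name__ == "__main__":
    log = []
    for ip in ("198.51.100.77", "192.0.2.44"):
        read_key(SAMPLE_STORE, "stripe-secret", "api-worker", ip, log)
    for record in log:
        print(record["source_ip"], record["outcome"])
```

The blocked record is written even though the caller is otherwise valid, which is what makes repeated attempts from an unlisted address visible during audit review.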
Use the Handler in your application code to keep your repositories clean of secrets. This allows you to rotate keys in the Donutwork dashboard without re-deploying your application.