--- title: "OKMS - Shared responsibilities" description: "Shared responsibilities between OVHcloud and the customer for OVHcloud KMS and Secret Manager" url: https://docs.ovhcloud.com/it/guides/manage-and-operate/kms/raci lang: it lastUpdated: 2025-10-21 --- # OKMS - Shared responsibilities ## Objective The RACI below details shared responsibilities between OVHcloud and the customer for the OKMS service. This shared model can help relieve the customer’s operational burden. | Roles | | ------------------------------------------------------------ | | R : Is in charge of carrying out the process | | A : Accountable for the successful completion of the process | | C : Is consulted during the process | | I : Is informed of the results of the process | ### 1. Before subscription #### 1.1. Specify service as needed | **Activity** | **Customer** | **OVHcloud** | | ---------------------------------------------------------- | ------------ | ------------ | | Provide personal data needed for service subscription | RA | I | | Choose service location aligned with location of Instances | RA | I | ### 2. Service availability #### 2.1. Install the service | **Activity** | **Customer** | **OVHcloud** | | -------------------------------------------------------------------------------------------------------- | ------------ | ------------ | | Produce, route, deliver and maintain physical Instances and hosting buildings | I | RA | | Install internal functional bricks needed to maintain the Service in operational and security conditions | I | RA | #### 2.2. Reversibility model for CMK | **Activity** | **Customer** | **OVHcloud** | | ---------------------------- | ------------ | ------------ | | Import/export stored objects | RA | I | #### 2.3. Customer Information System setup | **Activity** | **Customer** | **OVHcloud** | | -------------------------------------------- | ------------ | ------------ | | Choose key type and size adapted to the need | RA | I | ### 3. Service usage #### 3.1. Operations ##### **3.1.1. Daily operations** | **Activity** | **Customer** | **OVHcloud** | | ----------------------------------------------------------------------------------- | ------------ | ------------ | | Manage data security hosted on the service (confidentiality, integrity, backups, …) | | RA | | Manage network accessibility of the Service | | RA | | Administrate the service | | RA | | Manage backups | | RA | | Administrate keys and secrets stored on the OKMS | RA | | ##### **3.1.2. Access management** | **Activity** | **Customer** | **OVHcloud** | | ------------------------------------------------------------------------ | ------------ | ------------ | | Manage access rights to the OVHcloud Control Panel | RA | I | | Manage physical and logical access to infrastructures for OVHcloud teams | I | RA | | Manage access and security policy for service users for CMK | RA | I | ##### **3.1.3. Monitoring** | **Activity** | **Customer** | **OVHcloud** | | -------------------------------------------------------- | ------------ | ------------ | | Manage and monitor the Service capacity | | RA | | Retain logs of control plane | | RA | | Monitor the proper functioning of the service | I | RA | | Maintain storage and backup devices used for the service | | RA | | Keep logs generated by the Service | RA | | ##### **3.1.4. Storage** | **Activity** | **Customer** | **OVHcloud** | | ----------------------------------------- | ------------ | ------------ | | Manage data continuity and sustainability | | RA | ##### **3.1.5. Connectivity** | **Activity** | **Customer** | **OVHcloud** | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------------ | | Manage the functioning of automatic network management systems (architecture, implementation, software and hardware maintenance for deployed public and private networks, primary IP of dedicated server) | I | RA | ##### **3.1.6. Management** | **Activity** | **Customer** | **OVHcloud** | | --------------------------------------------------------------------- | ------------ | ------------ | | Provide inventory of services used | I | RA | | Manage the security of management infrastructure (API, control plane) | | RA | ##### **3.1.7. Business continuity** | **Activity** | **Customer** | **OVHcloud** | | ------------------------------------------------------------------------- | ------------ | ------------ | | Maintain a business continuity and disaster recovery plan for the Service | I | RA | #### 3.2. Event management ##### **3.2.1. Incidents** | **Activity** | **Customer** | **OVHcloud** | | ------------------------------------------------- | ------------ | ------------ | | Handle incidents (tickets and telephone contacts) | AI | RA | | Qualify, Intervene on managed service elements | I | RA | ##### **3.2.2. Changes** | **Activity** | **Customer** | **OVHcloud** | | -------------------------------------------------------------------------------------------- | ------------ | ------------ | | Deploy patches, updates and configurations on softwares, middlewares of the Service elements | I | RA | ### 4. Reversibility #### 4.1. Reversibility Model for CMK | **Activity** | **Customer** | **OVHcloud** | | ------------------------------- | ------------ | ------------ | | Manage reversibility operations | RA | I | #### 4.2. Data recovery | **Activity** | **Customer** | **OVHcloud** | | ------------------------------------- | ------------ | ------------ | | Migrate/transfer data for KMIP object | RA | | ### 5. End of service #### 5.1. Destroy configurations | **Activity** | **Customer** | **OVHcloud** | | ----------------------------------------------------------------------- | ------------ | ------------ | | Destroy configurations at end of service following contract termination | I | RA | #### 5.2. Data destruction | **Activity** | **Customer** | **OVHcloud** | | -------------------------------------- | ------------ | ------------ | | Destroy data hosted on volumes storage | | RA |