We’ve made it our mission to help you achieve continuous security and compliance as you build and develop on IBM Cloud.

Today, we’re taking the next step by announcing beta availability of IBM Cloud Secrets Manager.

As a security admin, your teams are often creating API keys and digital credentials of different types as they interact with the systems that require them. You’re actively looking for solutions that might help you to adhere to strict guidelines for running sensitive workloads in the public cloud. But, as your teams move data to the cloud, you’re not comfortable with storing sensitive application secrets in a multi-tenant environment. You’re concerned that with a multi-tenant secrets management service, your business won’t meet the data isolation requirements that are required for regulatory compliance.

According to the Cost Of Data Breach Report 2020 by IBM Security, compromised credentials are responsible for 19% of all data breaches that have occurred in the last year. You can help to mitigate the potential damages that are associated with compromised secrets by getting a full view of your credentials and who has access to them. And, by storing your secrets in an isolated environment, you gain the confidence that your data at rest remains isolated and secure.

What is IBM Cloud Secrets Manager?

With Secrets Manager, you can centrally manage your secrets in a single-tenant, dedicated service that is managed by both you and IBM Cloud. Built on open-source HashiCorp Vault, Secrets Manager helps you get the data isolation of a dedicated environment with the benefits of a public cloud. 

As shown in the previous image, you can create a Secrets Manager instance that maps to a dedicated Vault formation where your requests are handled and processed. If you’re already developing on IBM Cloud, you can save time with native cloud integrations that help you dynamically create and retrieve secrets while you work with supported IBM Cloud offerings. 

In this beta release, Secrets Manager offers support for the following types of secrets:

  • IAM credentials, which consist of a service ID and API key that are generated dynamically on your behalf.
  • Arbitrary secrets, such as custom credentials that can be used to store any type of structured or  unstructured data.
  • User credentials, such as usernames and passwords that you can use to log in to applications.

How can Secrets Manager help me?

There are several exciting use cases for Secrets Manager. As a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following service capabilities:

  • Centralize your secrets at scale: Manage a variety of secret types from a single service.
  • Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team has access to them. 
  • Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
  • Protect your secrets at rest: Manage your own encryption with your root key in IBM Key Protect to enhance the security of your stored secrets.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker with LogDNA.

How can I get started?

Ready to try IBM Cloud Secrets Manager? Check out the following links to get started today:

Questions and feedback

We’d love to hear your feedback! If you have questions or comments, you can use the Feedback button on any page at cloud.ibm.com to help us learn more about your particular use case. 


More from Announcements

IBM TechXchange underscores the importance of AI skilling and partner innovation

3 min read - Generative AI and large language models are poised to impact how we all access and use information. But as organizations race to adopt these new technologies for business, it requires a global ecosystem of partners with industry expertise to identify the right enterprise use-cases for AI and the technical skills to implement the technology. During TechXchange, IBM's premier technical learning event in Las Vegas last week, IBM Partner Plus members including our Strategic Partners, resellers, software vendors, distributors and service…

Introducing Inspiring Voices, a podcast exploring the impactful journeys of great leaders

< 1 min read - Learning about other people's careers, life challenges, and successes is a true source of inspiration that can impact our own ambitions as well as life and business choices in great ways. Brought to you by the Executive Search and Integration team at IBM, the Inspiring Voices podcast will showcase great leaders, taking you inside their personal stories about life, career choices and how to make an impact. In this first episode, host David Jones, Executive Search Lead at IBM, brings…

IBM watsonx Assistant and NICE CXone combine capabilities for a new chapter in CCaaS

5 min read - In an age of instant everything, ensuring a positive customer experience has become a top priority for enterprises. When one third of customers (32%) say they will walk away from a brand they love after just one bad experience (source: PWC), organizations are now applying massive investments to this experience, particularly with their live agents and contact centers.  For many enterprises, that investment includes modernizing their call centers by moving to cloud-based Contact Center as a Service (CCaaS) platforms. CCaaS solutions…

See what’s new in SingleStoreDB with IBM 8.0

3 min read - Despite decades of progress in database systems, builders have compromised on at least one of the following: speed, reliability, or ease. They have two options: one, they could get a document database that is fast and easy, but can’t be relied on for mission-critical transactional applications. Or two, they could rely on a cloud data warehouse that is easy to set up, but only allows lagging analytics. Even then, each solution lacks something, forcing builders to deploy other databases for…