We’ve made it our mission to help you achieve continuous security and compliance as you build and develop on IBM Cloud.

Today, we’re taking the next step by announcing beta availability of IBM Cloud Secrets Manager.

As a security admin, your teams are often creating API keys and digital credentials of different types as they interact with the systems that require them. You’re actively looking for solutions that might help you to adhere to strict guidelines for running sensitive workloads in the public cloud. But, as your teams move data to the cloud, you’re not comfortable with storing sensitive application secrets in a multi-tenant environment. You’re concerned that with a multi-tenant secrets management service, your business won’t meet the data isolation requirements that are required for regulatory compliance.

According to the Cost Of Data Breach Report 2020 by IBM Security, compromised credentials are responsible for 19% of all data breaches that have occurred in the last year. You can help to mitigate the potential damages that are associated with compromised secrets by getting a full view of your credentials and who has access to them. And, by storing your secrets in an isolated environment, you gain the confidence that your data at rest remains isolated and secure.

What is IBM Cloud Secrets Manager?

With Secrets Manager, you can centrally manage your secrets in a single-tenant, dedicated service that is managed by both you and IBM Cloud. Built on open-source HashiCorp Vault, Secrets Manager helps you get the data isolation of a dedicated environment with the benefits of a public cloud. 

As shown in the previous image, you can create a Secrets Manager instance that maps to a dedicated Vault formation where your requests are handled and processed. If you’re already developing on IBM Cloud, you can save time with native cloud integrations that help you dynamically create and retrieve secrets while you work with supported IBM Cloud offerings. 

In this beta release, Secrets Manager offers support for the following types of secrets:

  • IAM credentials, which consist of a service ID and API key that are generated dynamically on your behalf.
  • Arbitrary secrets, such as custom credentials that can be used to store any type of structured or  unstructured data.
  • User credentials, such as usernames and passwords that you can use to log in to applications.

How can Secrets Manager help me?

There are several exciting use cases for Secrets Manager. As a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following service capabilities:

  • Centralize your secrets at scale: Manage a variety of secret types from a single service.
  • Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team has access to them. 
  • Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
  • Protect your secrets at rest: Manage your own encryption with your root key in IBM Key Protect to enhance the security of your stored secrets.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker with LogDNA.

How can I get started?

Ready to try IBM Cloud Secrets Manager? Check out the following links to get started today:

Questions and feedback

We’d love to hear your feedback! If you have questions or comments, you can use the Feedback button on any page at cloud.ibm.com to help us learn more about your particular use case. 

More from Announcements

IBM Consulting augments expertise with AWS Competencies: A win-win for clients 

3 min read - In today's dynamic economic landscape, businesses demand continuous innovation and speed of execution. At IBM Consulting®, our unwavering focus on partnerships and shared commitment to delivering enterprise-level solutions to mutual clients have been core to our success.   We are thrilled to announce that IBM® has recently gained five competencies from Amazon Web Services (AWS) in vital domains including Cloud Operations, Internet of Things (IoT), Life Sciences, Mainframe Modernization, and Telecommunications. With these credentials, IBM further establishes its position as a…

Probable Root Cause: Accelerating incident remediation with causal AI 

5 min read - It has been proven time and time again that a business application’s outages are very costly. The estimated cost of an average downtime can run USD 50,000 to 500,000 per hour, and more as businesses are actively moving to digitization. The complexity of applications is growing as well, so Site Reliability Engineers (SREs) require hours—and sometimes days—to identify and resolve problems.   To alleviate this problem, we have introduced the new feature Probable Root Cause as part of Intelligent Incident…

Reflecting on IBM’s legacy of environmental innovation and leadership

4 min read - Upholding a legacy of more than 50 years of environmental responsibility through our company’s actions and commitments, IBM continues to be a leader in driving sustainability for our business, our communities and our clients—including a 34-year history of annual, public environmental reporting, which we continue today. As a hybrid cloud and artificial intelligence (AI) company, we believe that leveraging technology is key to unlocking impact, and it will play a substantial role in how society addresses, adapts to, and overcomes…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters