July 6, 2021 By Alex Greer 3 min read

We’re excited to announce that you can now store, retrieve and manage TLS certificates (along with your other cloud secrets) in a single service.

As a security architect or CISO, seamlessly managing the lifecycle of your secrets and protecting your highly sensitive data through workload isolation are two of the most critical areas to solve for when securing your solution.

With IBM Cloud Secrets Manager, you can now centralize all of your application secrets — including your TLS certificates — in a single service, while taking advantage of a powerful, single-tenant environment that provides data isolation and can scale to your needs. Together with its growing list of security and compliance capabilities, the ability to secure the endpoints and connections between your applications and the public Internet is now more secure than ever with IBM Cloud.

Centralize your certificates with Secrets Manager

There are several exciting benefits to using Secrets Manager as a central repository for your TLS certificates. The data isolation that the service provides, in combination with its built-in encryption options for protecting secrets at rest, gives you the end-to-end data security that you need to host certificates of any sensitivity on IBM Cloud. 

If you’re a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following Secrets Manager capabilities:

  • Centralize your secrets at scale: Manage a variety of secret types, including TLS certificates, from a single service.
  • Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team, or which service ID, has access to them. 
  • Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
  • Protect your secrets at rest: Manage your own encryption with a root key in IBM Key Protect or IBM Cloud Hyper Protect Crypto Services to enhance the security of your stored secrets.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker.

As part of the latest release, you can use Secrets Manager to store existing certificates that are issued and signed by external certificate authorities. When support for notifications and requesting certificates from third-party certificate authorities becomes available, we’ll let you know so that you can start planning the next phase of your team’s Secrets Manager-powered story. Stay tuned!

Ready to get started?

New to Secrets Manager? Start by provisioning an instance of the service in the IBM Cloud console. Because a dedicated instance of the service is provisioned, it can take a few minutes. While you wait, you can continue to work elsewhere in IBM Cloud or you might consider learning more about the best practices for organizing secrets and assigning access.

If you’re working from an existing instance, you can go to Secrets > Add > SSL/TLS certificates to add your first certificate. Need help? Check out the IBM Cloud documentation for detailed information about using Secrets Manager to importing your existing certificates.

Questions? Contact us

We’d love to hear from you. To send feedback, you can open a GitHub issue from a link at the top of any page in the documentation, open a support ticket, or reach out directly through email. 

If you’ve made it this far and have more questions about Secrets Manager, we’ve got you! Check out our introductory blog on Secrets Manager or take a look at the FAQs

More from Announcements

IBM and SAP unlock business and industry value with new generative AI solutions 

3 min read - IBM Consulting is delivering on our commitment to co-innovate with SAP and collaborate with our clients. As part of our Value Generation Partnership initiative announced earlier this month with SAP, we are releasing the first 10 of 100 planned AI solutions to help clients transform their industries, optimize their business processes and successfully deliver their SAP programs.  Delivering AI business and industry innovation at scale  With the recently announced Value Generation Partnership initiative, IBM and SAP are co-innovating intelligent industry…

IBM SevOne 7.0: Reaching application-centric multicloud network observability  

2 min read - As enterprises increasingly rely on network connectivity to support cloud-based applications and remote workers, network managers require new methods to monitor and safeguard connectivity across diverse environments, including corporate networks, software-defined WANs and multiple public cloud providers.   According to the recent EMA Network Megatrends Report, responding network professionals believe that 53% of network outages and performance issues could be prevented with improved network management tools, yet only 9% find it very easy to hire skilled networking personnel. This is why…

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters