We’re excited to announce that you can now use IBM Cloud Secrets Manager to order and centrally manage domain-validated TLS certificates from Let’s Encrypt.

In a previous article, we shared how IBM Cloud Secrets Manager made it easier to manage all of your application secrets — including TLS certificates — in a single place. Today, we’re excited to announce that you can now request TLS certificates from your trusted certificate authorities, while taking advantage of a powerful, single-tenant environment that provides data isolation and can scale to your needs. 

Automate your TLS certificates management

A critical part of protecting your domains is being able to reliably generate and retrieve your encrypted certificates from a trusted certificate authority. In addition to importing and managing certificates, you can now order certificates directly from your own Let’s Encrypt account without having to leave Secrets Manager. Simply connect your account and tell us what you need; we’ll take it from there.


  • Connect to supported CAs and DNS providers: Enable connections between a Secrets Manager instance and your existing CA and DNS providers. In this release, you can connect your Secrets Manager instance to Let’s Encrypt and order certificates for domains that you manage in IBM Cloud Internet Services or IBM Cloud classic infrastructure.
  • Order and automatically renew certificates: Request domain-validated Let’s Encrypt certificates and enable automatic rotation so that your certificates never expire.
  • Define access with secret groups: Assign granular access to a group of certificates so that you can control who on your team, or which service ID, has access to them. 
  • Protect your certificates at rest: Manage encryption with a root key in IBM Key Protect or IBM Cloud Hyper Protect Crypto Services to enhance the security of your stored certificates and their private keys.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker.

When support for notifications becomes available in Q4 of 2021, we’ll let you know so that you can start planning the next phase of your team’s Secrets Manager-powered story. Stay tuned!

Ready to get started?

Start by provisioning an IBM Cloud Secrets Manager service instance in the IBM Cloud console. Because a dedicated instance of the service is provisioned, it can take a few minutes. While you wait, you can continue to work elsewhere in IBM Cloud, or you might consider learning more about the best practices for organizing secrets and assigning access.

If you’re working from an existing instance, you can go to Secrets engines > Public certificates to prepare your instance for certificate ordering. 

  1. Define the certificate authority and DNS provider that you want to use.
  2. Use your defined configurations to order a certificate.

Need help? Check out the IBM Cloud documentation for detailed information about using Secrets Manager to order certificates.

Questions? Contact us

We’d love to hear from you. To send feedback, you can open a GitHub issue from a link at the top of any page in the documentation, open a support ticket or reach out directly through email. 

If you’ve made it this far and have more questions about Secrets Manager, we’ve got you! Check out our introductory blog on Secrets Manager or take a look at the FAQs.
