We’re excited to announce that you can now store, retrieve and manage TLS certificates (along with your other cloud secrets) in a single service.

As a security architect or CISO, seamlessly managing the lifecycle of your secrets and protecting your highly sensitive data through workload isolation are two of the most critical areas to solve for when securing your solution.

With IBM Cloud Secrets Manager, you can now centralize all of your application secrets — including your TLS certificates — in a single service, while taking advantage of a powerful, single-tenant environment that provides data isolation and can scale to your needs. Together with its growing list of security and compliance capabilities, the ability to secure the endpoints and connections between your applications and the public Internet is now more secure than ever with IBM Cloud.

Centralize your certificates with Secrets Manager

There are several exciting benefits to using Secrets Manager as a central repository for your TLS certificates. The data isolation that the service provides, in combination with its built-in encryption options for protecting secrets at rest, gives you the end-to-end data security that you need to host certificates of any sensitivity on IBM Cloud. 

If you’re a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following Secrets Manager capabilities:

  • Centralize your secrets at scale: Manage a variety of secret types, including TLS certificates, from a single service.
  • Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team, or which service ID, has access to them. 
  • Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
  • Protect your secrets at rest: Manage your own encryption with a root key in IBM Key Protect or IBM Cloud Hyper Protect Crypto Services to enhance the security of your stored secrets.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker.

As part of the latest release, you can use Secrets Manager to store existing certificates that are issued and signed by external certificate authorities. When support for notifications and requesting certificates from third-party certificate authorities becomes available, we’ll let you know so that you can start planning the next phase of your team’s Secrets Manager-powered story. Stay tuned!

Ready to get started?

New to Secrets Manager? Start by provisioning an instance of the service in the IBM Cloud console. Because a dedicated instance of the service is provisioned, it can take a few minutes. While you wait, you can continue to work elsewhere in IBM Cloud or you might consider learning more about the best practices for organizing secrets and assigning access.

If you’re working from an existing instance, you can go to Secrets > Add > SSL/TLS certificates to add your first certificate. Need help? Check out the IBM Cloud documentation for detailed information about using Secrets Manager to importing your existing certificates.

Questions? Contact us

We’d love to hear from you. To send feedback, you can open a GitHub issue from a link at the top of any page in the documentation, open a support ticket, or reach out directly through email. 

If you’ve made it this far and have more questions about Secrets Manager, we’ve got you! Check out our introductory blog on Secrets Manager or take a look at the FAQs

More from Cloud

The recipe for RAG: How cloud services enable generative AI outcomes across industries

4 min read - According to research from IBM®, about 42 percent of enterprises surveyed have AI in use in their businesses. Of all the use cases, many of us are now extremely familiar with natural language processing AI chatbots that can answer our questions and assist with tasks such as composing emails or essays. Yet even with widespread adoption of these chatbots, enterprises are still occasionally experiencing some challenges. For example, these chatbots can produce inconsistent results as they’re pulling from large data…

Rethink IT spend in the age of generative AI

3 min read - It’s the burning question for today’s CIOs: what do you spend your IT budget on? Cloud costs were already a challenge—in a recent survey, 24% estimated they wasted software spend. The explosion of generative AI makes it critical for organizations to consider frameworks like FinOps and technology business management (TBM) for visibility and accountability of all tech spend. But what does this all mean in practice? How can organizations shift to a more disciplined, value-driven approach to IT spend? What…

Announcing Dizzion Desktop as a Service for IBM Virtual Private Cloud (VPC)

2 min read - For more than four years, Dizzion and IBM Cloud® have strategically partnered to deliver incredible digital workspace experiences to our clients. We are excited to announce that Dizzion has expanded their Desktop as a Service (DaaS) offering to now support IBM Cloud Virtual Private Cloud (VPC). Powered by Frame, Dizzion’s cloud-native DaaS platform, clients can now deploy their Windows and Linux® virtual desktops and applications on IBM Cloud VPC and enjoy fast, dynamic, infrastructure provisioning and a true consumption-based model.…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters