We’re excited to announce that you can now store, retrieve and manage TLS certificates (along with your other cloud secrets) in a single service.

As a security architect or CISO, seamlessly managing the lifecycle of your secrets and protecting your highly sensitive data through workload isolation are two of the most critical areas to solve for when securing your solution.

With IBM Cloud Secrets Manager, you can now centralize all of your application secrets — including your TLS certificates — in a single service, while taking advantage of a powerful, single-tenant environment that provides data isolation and can scale to your needs. Together with its growing list of security and compliance capabilities, Secrets Manager lets you secure the endpoints and connections between your applications and the public Internet better than ever with IBM Cloud.

Centralize your certificates with Secrets Manager

There are several exciting benefits to using Secrets Manager as a central repository for your TLS certificates. The data isolation that the service provides, in combination with its built-in encryption options for protecting secrets at rest, gives you the end-to-end data security that you need to host certificates of any sensitivity on IBM Cloud. 

If you’re a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following Secrets Manager capabilities:

  • Centralize your secrets at scale: Manage a variety of secret types, including TLS certificates, from a single service.
  • Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team, or which service ID, has access to them. 
  • Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
  • Protect your secrets at rest: Manage your own encryption with a root key in IBM Key Protect or IBM Cloud Hyper Protect Crypto Services to enhance the security of your stored secrets.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker.

As part of the latest release, you can use Secrets Manager to store existing certificates that are issued and signed by external certificate authorities. When support for notifications and requesting certificates from third-party certificate authorities becomes available, we’ll let you know so that you can start planning the next phase of your team’s Secrets Manager-powered story. Stay tuned!

Ready to get started?

New to Secrets Manager? Start by provisioning an instance of the service in the IBM Cloud console. Because a dedicated instance of the service is provisioned, it can take a few minutes. While you wait, you can continue to work elsewhere in IBM Cloud or you might consider learning more about the best practices for organizing secrets and assigning access.

If you’re working from an existing instance, you can go to Secrets > Add > SSL/TLS certificates to add your first certificate. Need help? Check out the IBM Cloud documentation for detailed information about using Secrets Manager to import your existing certificates.

Questions? Contact us

We’d love to hear from you. To send feedback, you can open a GitHub issue from a link at the top of any page in the documentation, open a support ticket, or reach out directly through email. 

If you’ve made it this far and have more questions about Secrets Manager, we’ve got you! Check out our introductory blog on Secrets Manager or take a look at the FAQs.
