We’ve made it our mission to help you achieve continuous security and compliance as you build and develop on IBM Cloud.

Today, we’re taking the next step by announcing beta availability of IBM Cloud Secrets Manager.

As a security admin, you see your teams creating API keys and digital credentials of different types as they interact with the systems that require them. You’re actively looking for solutions that might help you to adhere to strict guidelines for running sensitive workloads in the public cloud. But, as your teams move data to the cloud, you’re not comfortable with storing sensitive application secrets in a multi-tenant environment. You’re concerned that with a multi-tenant secrets management service, your business won’t meet the data isolation requirements of regulatory compliance.

According to the Cost Of Data Breach Report 2020 by IBM Security, compromised credentials are responsible for 19% of all data breaches that have occurred in the last year. You can help to mitigate the potential damages that are associated with compromised secrets by getting a full view of your credentials and who has access to them. And, by storing your secrets in an isolated environment, you gain the confidence that your data at rest remains isolated and secure.

What is IBM Cloud Secrets Manager?

With Secrets Manager, you can centrally manage your secrets in a single-tenant, dedicated service that is managed by both you and IBM Cloud. Built on open-source HashiCorp Vault, Secrets Manager helps you get the data isolation of a dedicated environment with the benefits of a public cloud. 

As shown in the previous image, you can create a Secrets Manager instance that maps to a dedicated Vault formation where your requests are handled and processed. If you’re already developing on IBM Cloud, you can save time with native cloud integrations that help you dynamically create and retrieve secrets while you work with supported IBM Cloud offerings. 

In this beta release, Secrets Manager offers support for the following types of secrets:

  • IAM credentials, which consist of a service ID and API key that are generated dynamically on your behalf.
  • Arbitrary secrets, such as custom credentials that can be used to store any type of structured or unstructured data.
  • User credentials, such as usernames and passwords that you can use to log in to applications.

How can Secrets Manager help me?

There are several exciting use cases for Secrets Manager. As a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following service capabilities:

  • Centralize your secrets at scale: Manage a variety of secret types from a single service.
  • Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team has access to them. 
  • Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
  • Protect your secrets at rest: Manage your own encryption with your root key in IBM Key Protect to enhance the security of your stored secrets.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker with LogDNA.

How can I get started?

Ready to try IBM Cloud Secrets Manager? Check out the following links to get started today:

Questions and feedback

We’d love to hear your feedback! If you have questions or comments, you can use the Feedback button on any page at cloud.ibm.com to help us learn more about your particular use case. 
