We're excited to announce that you can now store, retrieve and manage TLS certificates (along with your other cloud secrets) in a single service.
As a security architect or CISO, seamlessly managing the lifecycle of your secrets and protecting your highly sensitive data through workload isolation are two of the most critical areas to solve for when securing your solution.
With IBM Cloud Secrets Manager, you can now centralize all of your application secrets — including your TLS certificates — in a single service, while taking advantage of a powerful, single-tenant environment that provides data isolation and can scale to your needs. Combined with the service's growing list of security and compliance capabilities, this makes the endpoints and connections between your applications and the public Internet more secure than ever with IBM Cloud.
Centralize your certificates with Secrets Manager
There are several exciting benefits to using Secrets Manager as a central repository for your TLS certificates. The data isolation that the service provides, in combination with its built-in encryption options for protecting secrets at rest, gives you the end-to-end data security that you need to host certificates of any sensitivity on IBM Cloud.
If you're a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following Secrets Manager capabilities:
- Centralize your secrets at scale: Manage a variety of secret types, including TLS certificates, from a single service.
- Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team, or which service ID, has access to them.
- Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
- Protect your secrets at rest: Manage your own encryption with a root key in IBM Key Protect or IBM Cloud Hyper Protect Crypto Services to enhance the security of your stored secrets.
- Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker.
As part of the latest release, you can use Secrets Manager to store existing certificates that are issued and signed by external certificate authorities. When support for notifications and requesting certificates from third-party certificate authorities becomes available, we'll let you know so that you can start planning the next phase of your team's Secrets Manager-powered story. Stay tuned!
Ready to get started?
New to Secrets Manager? Start by provisioning an instance of the service in the IBM Cloud console. Because a dedicated instance of the service is provisioned, it can take a few minutes. While you wait, you can continue to work elsewhere in IBM Cloud or you might consider learning more about the best practices for organizing secrets and assigning access.
If you're working from an existing instance, you can go to Secrets > Add > SSL/TLS certificates to add your first certificate. Need help? Check out the IBM Cloud documentation for detailed information about using Secrets Manager to import your existing certificates.
Questions? Contact us
We’d love to hear from you. To send feedback, you can open a GitHub issue from a link at the top of any page in the documentation, open a support ticket, or reach out directly through email.
If you've made it this far and have more questions about Secrets Manager, we've got you! Check out our introductory blog on Secrets Manager or take a look at the FAQs.