Centrally manage your secrets in a single-tenant, dedicated instance
Manage the lifecycle of secrets
With IBM Cloud® Secrets Manager, you can create secrets dynamically and lease them to applications while you control access from a single location. Powered by HashiCorp Vault, Secrets Manager helps you get the data isolation of a dedicated environment with the benefits of a public cloud.
Features
Dashboard
- Manage API keys, credentials, certificates and more within one rich UI
- Auto rotation and access control
Notifications
Configure with Event Notifications Service to receive secrets life-cycle events
Certificates Management
- Use the imported certificate type to create private keys and CSRs, and manage all your secrets in one secure, dedicated space
- SSL, TLS, PKI, public and private
- Supported by lets encrypt certificate authority
Secrets groups
Manage access policies at enterprise scale
Locks
Create locks on secrets to prevent them from being deleted or modified while in use
Custom credentials
A customizable set of parameters that define how a secret interacts with a credentials` provider—powered by a Code Engine job implementation
Use Cases
The shift to cloud-native models aims to boost development speed for application teams. They expect this acceleration without compromising security and rely on their cloud provider to offer solutions that support both.
Solution: Secrets Manager integrates with DevOps tools like IBM Cloud Toolchains to provide security where teams manage secrets. Its secrets group feature and activity tracker ensure proper access control.
- Global Bank: The CISO mandates that application and user secrets must be stored separately from other enterprise secrets.
- Healthcare Group: Applications accessing sensitive patient data must ensure the cloud provider cannot access this data with hosted secrets
- Automotive Manufacturer: After moving workloads to the cloud, the company requires the same data isolation as their previous on-premise Vault instance
Solution: Financial and healthcare institutions with sensitive data, like credit histories or EHR records, have low risk tolerance. They worry about storing access credentials in a vulnerable multi-tenant environment on IBM Cloud. With Secrets Manager, they can use HashiCorp Vault for single-tenant isolation, audit access with Activity Tracker, and protect vault access with their own encryption keys via Key Protect (BYOK).
A healthcare group needs to securely manage various secrets in a single-tenant environment. They currently use multiple tools, some of which are multi-tenant, for handling API keys, user credentials, text, and certificates. They lack the time to train teams, switch between applications, and compile audit reports from different sources. They need a streamlined solution for multiple teams and a high volume of instances.
Solution: With Secrets Manager, they can securely manage API keys, user credentials, and text in one centralized service. This allows them to benefit from public cloud while maintaining single tenancy and efficiently administering policies and permissions across the company.
A large bank's cloud security team needs to help development teams securely build automated integrations between consumer lending applications and other micro-services with sensitive information. For example, a lending app needs to access another app to decide on loan approvals. The security team wants to enable this without creating vulnerabilities.
Solution: With Secrets Manager, they can generate IAM API keys, set access policies, and securely embed the API for key retrieval in their app.
Resources
Learn how to store and manage a username and password in Secrets Manager.
Learn how to securely store secrets and prevent data breaches from mismanaged credentials.
Check out users’ frequently asked questions.
Secrets management is the protection of credentials—including certificates, keys, passwords and tokens—for nonhuman users, such as apps, servers and workloads.
Related products
Monitor and control data encryption keys throughout the key lifecycle, from a single location
Address unified security, compliance and risk visibility across hybrid multicloud environments
Deploy secure, highly available clusters in a native Kubernetes experience
Comprehensive, secure and compliant identity and access management for the modern enterprise