Secrets manager

When you create a secret by using the IBM Hybrid Cloud Mesh console, the secret is stored in the IBM Hybrid Cloud Mesh (Mesh) secrets manager, which is an internal secrets manager by default.

About this task

However, you can choose to store secrets in an external secrets manager instead, and you can change the secrets manager type to external or internal through the CLI. For more information, see Managing secrets by using the CLI.

To make the Getting started steps easier, allow Mesh to discover your cloud infrastructure and applications. To do so, provide some low-privileged credentials to Mesh by putting them in your secrets manager instance. For internal-type secrets, the secrets manager is IBM Hybrid Cloud Mesh; for external-type secrets, the secrets manager is IBM secrets manager.

Procedure

  1. Provision an instance of the IBM secrets manager:
    1. Go to the IBM Cloud console and create a cloud account, if necessary.
    2. On the main console page, click Create resource and search for Secrets Manager.
    3. Select a plan, enter the configuration details, accept the terms, and click Create.
  2. Create an API key for the IBM Cloud service ID that has read access to the secrets that you provide to Mesh.
  3. Note the value of the API key and substitute it for <your-secrets-manager-api-key> when you configure Mesh discovery. For more information, see Discovering cloud infrastructure.
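
A CLI equivalent of step 2, scoped to a single Secrets Manager instance, as an added example that is not part of the original IBM documentation. It assumes the IBM Cloud CLI (`ibmcloud`) is installed and logged in and that the `SecretsReader` service role is the read access you intend to grant; the names `mesh-discovery-reader` and `mesh-discovery-key`, the key file path, and the instance GUID placeholder are hypothetical.

```shell
#!/bin/sh
# Added example: least-privilege service ID + API key for Mesh discovery.
# Assumptions (not from the page): the names below, the SecretsReader role,
# and an existing `ibmcloud login` session.
SERVICE_ID_NAME="${SERVICE_ID_NAME:-mesh-discovery-reader}"             # hypothetical
API_KEY_NAME="${API_KEY_NAME:-mesh-discovery-key}"                      # hypothetical
SM_INSTANCE_GUID="${SM_INSTANCE_GUID:-<secrets-manager-instance-guid>}" # placeholder
KEY_FILE="${KEY_FILE:-./mesh-sm-apikey.json}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only, 0 = execute them

# Print the command in dry-run mode, otherwise run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_mesh_reader_key() {
  # Refuse to execute while the instance GUID is still the placeholder:
  # a policy without --service-instance scope would cover every instance.
  case "$SM_INSTANCE_GUID" in
    *'<'*)
      if [ "$DRY_RUN" != "1" ]; then
        echo "Set SM_INSTANCE_GUID to your Secrets Manager instance GUID" >&2
        return 1
      fi ;;
  esac

  # 1. Dedicated service ID, so the key is not tied to a user account.
  run ibmcloud iam service-id-create "$SERVICE_ID_NAME" \
      -d "Read-only access for Mesh discovery" || return 1

  # 2. Read-only policy limited to the one Secrets Manager instance.
  run ibmcloud iam service-policy-create "$SERVICE_ID_NAME" \
      --roles SecretsReader --service-name secrets-manager \
      --service-instance "$SM_INSTANCE_GUID" || return 1

  # 3. API key written to a file only the current user can read (umask 077),
  #    instead of being echoed to the terminal and shell history.
  ( umask 077
    run ibmcloud iam service-api-key-create "$API_KEY_NAME" "$SERVICE_ID_NAME" \
        -d "Used by Mesh discovery" --file "$KEY_FILE" ) || return 1
}

# Default invocation: dry run, prints the three commands for review.
create_mesh_reader_key
```

Review the printed commands, then rerun with `DRY_RUN=0` and a real `SM_INSTANCE_GUID`; the key value for step 3 is in the file named by `KEY_FILE`, which should be deleted once the key is stored.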