When you create a secret by using the IBM Hybrid Cloud Mesh console, the secret is stored
in the IBM Hybrid Cloud Mesh (Mesh) secrets manager,
which is an internal secrets manager by default.
About this task
However, you can choose to store secrets in an external secrets manager, and update the secrets manager type to external or internal through the CLI. For more information, see Managing secrets by using the CLI.
Make the Getting started steps easier by allowing Mesh to discover your cloud infrastructure and applications. To allow discovery, provide some low-privileged credentials to Mesh by putting them in your secrets manager instance. The secrets manager for internal-type secrets is IBM Hybrid Cloud Mesh, and the secrets manager for external-type secrets is IBM secrets manager.
Procedure
- Provision an instance of the IBM secrets manager:
  - Go to the IBM Cloud console and create a cloud account, if necessary.
  - On the main console page, click Create resource and search for Secrets Manager.
  - Select a plan, enter the configuration details, accept the terms, and click Create.
- Create an API key for the IBM Cloud service ID that has read access to the secrets that you provide to Mesh.
- Note the value of the API key and substitute it for <your-secrets-manager-api-key> when you configure Mesh discovery. For more information, see Discovering cloud infrastructure.