Getting started with IBM zSecure Secret Manager
IBM® zSecure Secret Manager is a z/OS service that automates certificate renewal by integrating with existing security infrastructure and IBM Vault Self-Managed for Z and LinuxONE, which serves as the private certificate authority for certificate renewal operations. You can begin using IBM zSecure Secret Manager in different ways, depending on whether the service is already installed in your environment and what you want to accomplish.
At a high level, IBM zSecure Secret Manager runs as a background service that evaluates certificate renewal policies, renews eligible certificates through IBM Vault Self-Managed for Z and LinuxONE, updates certificates in RACF, and issues notifications that integrate with existing operational workflows.
This topic provides guidance on where to start and points you to the most relevant sections of the documentation.
Automating certificate renewal
Once your environment is prepared and IBM zSecure Secret Manager is installed and running, you can start defining certificate renewal policies.
Certificate renewal policies specify which certificates are managed, when renewal occurs, and how renewal requests are processed by IBM Vault Self-Managed for Z and LinuxONE, the private certificate authority. After you define a policy, IBM zSecure Secret Manager evaluates it at runtime and renews eligible certificates automatically.
Start here if you want to focus on day‑to‑day certificate renewal activities:
Installing and configuring IBM zSecure Secret Manager
Before you can define certificate renewal policies, you must install and configure IBM zSecure Secret Manager and prepare the required infrastructure.
Start here if you are setting up IBM zSecure Secret Manager for the first time or making foundational changes to an existing installation:
- Review prerequisites
- Install IBM zSecure Secret Manager
- Configure the started task and required SAF and RACF security settings
- Set up IBM Vault Self-Managed for Z and LinuxONE
After installation and configuration, you can proceed to defining certificate renewal policies.
How IBM zSecure Secret Manager operates
IBM zSecure Secret Manager runs as a z/OS started task and operates as a background service. It evaluates certificate renewal policies periodically, interacts with RACF to manage certificates, and communicates with IBM Vault Self-Managed for Z and LinuxONE to request certificate renewal.
The service integrates with existing security and operational processes rather than replacing them. It updates certificates in RACF and issues notification messages that other automation, monitoring, or operational tools can consume to trigger follow‑on actions according to local practices.
Review this information if you want to understand the runtime behavior and integration model before defining policies or modifying system configuration.
How to get started
To understand how IBM zSecure Secret Manager simplifies secrets management, see How it works.
To install and deploy IBM zSecure Secret Manager, see Install IBM zSecure Secret Manager.