IBM zSecure Secret Manager installation and administration
Install, configure, and activate IBM zSecure Secret Manager on z/OS to enable automated certificate management by using SAF, RACF, and a private certificate authority.
Overview
IBM zSecure Secret Manager installation and administration describes how to install, configure, and activate the product on z/OS.
This information describes the tasks that you perform after completing the SMP/E installation that is documented in the Program Directory (GI13-0000-00).
Use this information to prepare the runtime environment, configure system and product components, and enable certificate generation and renewal.
IBM zSecure Secret Manager integrates with SAF (System Authorization Facility) and RACF (Resource Access Control Facility) and uses a private certificate authority to issue and renew certificates.
Installation and activation overview
Set up IBM zSecure Secret Manager by installing product components, configuring runtime and product settings, and activating system services.
The setup sequence includes:
- Install product files and sample libraries
- Configure the runtime environment, including the started task
- Configure the private certificate authority
- Configure IBM zSecure Secret Manager settings, including providers and security resources
- Start the system and validate certificate operations
Installation
Install IBM zSecure Secret Manager by installing the required product libraries and sample data sets.
For detailed steps, see Install IBM zSecure Secret Manager.
Configure the runtime environment
Define and configure the started task and runtime environment for IBM zSecure Secret Manager.
For detailed steps, see Configure the started task for IBM zSecure Secret Manager.
Configure the private certificate authority
Set up and configure the private certificate authority and establish connectivity with IBM zSecure Secret Manager.
For details, see Set up IBM Vault Self-Managed for Z and LinuxONE and IBM Vault Self-Managed for Z and LinuxONE PKI overview.
Configure IBM zSecure Secret Manager
Define providers, secrets, and system settings, and configure required security resources and RACF authorization.
Configuration of IBM zSecure Secret Manager also establishes integration with z/OS security services and the private certificate authority:
- SAF and RACF enforce authorization and protect providers and secrets
- RACF key rings manage certificates used by z/OS applications
- The private certificate authority issues and renews certificates
For details, see Configure IBM zSecure Secret Manager, Configure security settings, and Configure RACF authorizations.
Activate and validate
After configuration, start IBM zSecure Secret Manager and verify that the system operates correctly.
- Start the started task (see Start the IBM zSecure Secret Manager started task)
- Verify system operation and validate certificate generation and renewal behavior (see Validate IBM zSecure Secret Manager runtime behavior)
Topics in this section
Use the following topics to install, configure, and operate IBM zSecure Secret Manager.