IBM zSecure Secret Manager overview

IBM® zSecure Secret Manager automates the renewal of digital certificates used by applications running on z/OS. It renews certificates before they expire and updates them in RACF key rings used by applications to retrieve certificate material. IBM zSecure Secret Manager reduces manual effort and operational risk associated with certificate renewal while preserving existing application trust models and configuration patterns.

Why certificate renewal needs automation

Certificate lifetimes continue to shrink, which forces organizations to renew certificates more frequently. Manual renewal processes require repeated execution of complex steps, coordination across teams, and careful timing to avoid service disruption. As renewal cycles shorten, these manual processes become increasingly difficult to manage reliably.

IBM zSecure Secret Manager addresses this challenge by allowing teams to define certificate renewal policy once and rely on automated execution thereafter. The service renews certificates on a defined schedule and issues notifications that integrate with existing operational and automation workflows.

Certificates represent security-sensitive data. IBM zSecure Secret Manager focuses on policy-based automation of certificate renewal, integrating with IBM Vault Self-Managed for Z and LinuxONE as its private certificate authority to renew certificates and update RACF key rings.

IBM zSecure Secret Manager does not replace certificate stores, application configuration, or enterprise automation tools. Instead, it enables automated certificate renewal and provides notification events that other systems and processes can act upon.

Figure 1. IBM zSecure Secret Manager overview
This figure illustrates how IBM zSecure Secret Manager automates certificate lifecycle management on z/OS. An administrator defines certificate renewal policies using irrsadmin commands. IBM zSecure Secret Manager evaluates these policies, interacts with RACF to generate certificate signing requests, and connects to IBM Vault Self-Managed for Z and LinuxONE, which acts as the private PKI engine to sign certificates. The signed certificates are then stored and associated with RACF key rings automatically. The process includes policy-based renewal, automated signing, zero-touch distribution, and notification for certificate updates.

How to get started

To understand how IBM zSecure Secret Manager simplifies secrets management, see How it works.

To install and deploy IBM zSecure Secret Manager, see Install IBM zSecure Secret Manager.

To start using IBM zSecure Secret Manager, see Getting started.