With IBM Cloud® Secrets Manager, you can create secrets dynamically and lease them to applications while you control access from a single location. Powered by HashiCorp Vault, Secrets Manager helps you get the data isolation of a dedicated environment with the benefits of a public cloud.
- Get Secure Secret Storage, Data Encryption, PKI
- Configured with unique Secret Engines and an IAM Auth Engine
- Built for high availability with seamless failover across three regional data centers
Built-in, essential security across all IBM Cloud platform and infrastructure services.
- ISO 27k, SOC, PCI-DSS, GDPR, ISMAP (Japan), C5 (Germany), ENS High (Spain)
- IBM Cloud Framework for Financial Services
- Manage multiple types of secrets from a single service
- Create and lease your secrets on demand to control their lifespan
Single-tenant data isolation via Vault
Monitor access and produce audit reports
Enhance the security of stored secrets with IBM® Key Protect
Create and manage trusted certificates securely using built-in protection
- Manage API keys, credentials, certificates and more within one rich UI
- Auto rotation and access control
Manage access policies at enterprise scale
Configure with Event Notifications Service to receive secrets life-cycle events
Create locks on secrets to prevent them from being deleted or modified while in use
- Use the imported certificate type to create private keys and CSRs, and manage all your secrets in one secure, dedicated space
- SSL, TLS, PKI, public and private
- Supported by lets encrypt certificate authority
A customizable set of parameters that define how a secret interacts with a credentials` provider—powered by a Code Engine job implementation
Use Cases
The shift to cloud-native models aims to boost development speed for application teams. They expect this acceleration without compromising security and rely on their cloud provider to offer solutions that support both.
Solution: Secrets Manager integrates with DevOps tools like IBM Cloud Toolchains to provide security where teams manage secrets. Its secrets group feature and activity tracker ensure proper access control.
- Global Bank: The CISO mandates that application and user secrets must be stored separately from other enterprise secrets.
- Healthcare Group: Applications accessing sensitive patient data must ensure the cloud provider cannot access this data with hosted secrets
- Automotive Manufacturer: After moving workloads to the cloud, the company requires the same data isolation as their previous on-premise Vault instance
Solution: Financial and healthcare institutions with sensitive data, like credit histories or EHR records, have low risk tolerance. They worry about storing access credentials in a vulnerable multi-tenant environment on IBM Cloud. With Secrets Manager, they can use HashiCorp Vault for single-tenant isolation, audit access with Activity Tracker, and protect vault access with their own encryption keys via Key Protect (BYOK).
A healthcare group needs to securely manage various secrets in a single-tenant environment. They currently use multiple tools, some of which are multi-tenant, for handling API keys, user credentials, text, and certificates. They lack the time to train teams, switch between applications, and compile audit reports from different sources. They need a streamlined solution for multiple teams and a high volume of instances.
Solution: With Secrets Manager, they can securely manage API keys, user credentials, and text in one centralized service. This allows them to benefit from public cloud while maintaining single tenancy and efficiently administering policies and permissions across the company.
Solution: With Secrets Manager, they can generate IAM API keys, set access policies, and securely embed the API for key retrieval in their app.