IBM Cloud Secrets Manager

Centrally manage your secrets in a single-tenant, dedicated instance
Manage the lifecycle of secrets

With IBM Cloud® Secrets Manager, you can create secrets dynamically and lease them to applications while you control access from a single location. Powered by HashiCorp Vault, Secrets Manager helps you get the data isolation of a dedicated environment with the benefits of a public cloud.

Which data security service is best for me?
Benefits
Powered by HashiCorp Vault
  • Get Secure Secret Storage, Data Encryption, PKI
  • Configured with unique Secret Engines and an IAM Auth Engine
  • Built for high availability with seamless failover across three regional data centers
Secure by default

Built-in, essential security across all IBM Cloud platform and infrastructure services. 

Learn more
Compliance
  • ISO 27k, SOC, PCI-DSS, GDPR, ISMAP (Japan), C5 (Germany), ENS High (Spain)
  • IBM Cloud Framework for Financial Services
Learn more
Centralize dynamic and static secrets
  • Manage multiple types of secrets from a single service
  • Create and lease your secrets on demand to control their lifespan
Single Tenancy

Single-tenant data isolation via Vault 

Logging and monitoring

Monitor access and produce audit reports

Protect secrets at rest

Enhance the security of stored secrets with IBM® Key Protect

Public Key Infrastructure backed by Hardware Security Module

Create and manage trusted certificates securely using built-in protection

Product features
Dashboard
  • Manage API keys, credentials, certificates and more within one rich UI
  • Auto rotation and access control
Secrets groups

Manage access policies at enterprise scale

Notifications

Configure with Event Notifications Service to receive secrets life-cycle events

Locks

Create locks on secrets to prevent them from being deleted or modified while in use

Certificates Management
  • Use the imported certificate type to create private keys and CSRs, and manage all your secrets in one secure, dedicated space
  • SSL, TLS, PKI, public and private
  • Supported by lets encrypt certificate authority
Custom credentials

A customizable set of parameters that define how a secret interacts with a credentials` provider—powered by a Code Engine job implementation

Use Cases

Security posture Secret data isolation Enterprise scale Automated integrations
Next Steps

Start at no charge or register for an IBM Cloud account.

Get started for free Register for an account