IBM Cloud Secrets Manager

Manage the lifecycle of secrets

With IBM Cloud® Secrets Manager, you can create secrets dynamically and lease them to applications while you control access from a single location. Built on open source HashiCorp Vault, Secrets Manager helps you get the data isolation of a dedicated environment with the benefits of a public cloud.

Product features

Get centralized secrets management.

Single-tenant management

Secure secrets at rest in your own dedicated vault.

Dashboard

Manage API keys, credentials and more within one UI.

Logging and monitoring

Monitor access and produce audit reports.

Secrets groups

Manage access policies at enterprise scale.

Benefits

Centralize secrets

Manage multiple types of secrets from a single service.

Define access in groups

Use secret groups to organize and tighten access to secrets.

Dynamic secret creation

Create and lease your secrets on demand to control their lifespan.

Protect secrets at rest

Enhance the security of stored secrets with IBM® Key Protect.

Monitor and audit activity

Track user and application interaction with secrets.

Import secrets

Extend existing secrets management infrastructure by securely importing secrets.

Use cases

Generating IBM Cloud API keys

Generate IBM Cloud API keys for services or users when you need them with our specialized secret engine. These keys can also be stored, rotated, revoked, or even leased if you only want to provide temporary access for other team members or services. IBM Cloud API keys, in combination with the right identity and access management (IAM) policy, enable access to cloud object storage, continuous delivery and other platform services.

Resources

Get started

Learn how to store and manage a username and password in Secrets Manager.

Learn how to securely store secrets and prevent data breaches from mismanaged credentials.

FAQs for Secrets Manager

Check out users’ frequently asked questions.