Build automated flows that help you safely rotate and delete secrets with IBM Cloud Secrets Manager.

In a previous article, we shared how IBM Cloud Secrets Manager can help you to create private SSL/TLS certificates and manage them centrally in a single location, along with the rest of your application secrets. Today, we’re excited to announce that you can now add locks that can help to prevent modification to secrets that can be disruptive to your applications.

New to Secrets Manager? Check out the documentation to learn more. 

What are secret locks?

By default, the secrets that you manage in Secrets Manager can be modified at any time by an authorized user or application. But, how can you prevent a secret from being accidentally deleted or misconfigured during a rotation? With secret locks, you can build automated workflows that can help you to do the following:

• Indicate that a secret is in use by one or more applications or services.
• Prevent secret data from being deleted, even after it expires.
• Safely delete older versions of a secret after the newest version is deployed.
• Avoid inadvertent downtime in your applications.

Secret locks help you to map a secret with your client or application. If a secret has a lock attached to it, it is currently being used by your application and cannot be modified or deleted until the lock is removed. 

Ready to get started?

Start by provisioning a Secrets Manager service instance in the IBM Cloud console. Because a dedicated instance is provisioned, it can take a few minutes. While you wait, you can continue to work elsewhere on IBM Cloud, or you might consider learning about best practices for rotating and locking secrets.

If you’re working from an existing instance, go to Secrets > name > Locks to create your first lock:

Questions? Contact us

We’d love to hear from you. To send feedback, you can open a GitHub issue from a link at the bottom of any page in the documentation, open a support ticket.