We’re excited to announce that you can now store, retrieve and manage TLS certificates (along with your other cloud secrets) in a single service.

For a security architect or CISO, seamlessly managing the lifecycle of your secrets and protecting your highly sensitive data through workload isolation are two of the most critical problems to solve when securing your solution.

With IBM Cloud Secrets Manager, you can now centralize all of your application secrets, including your TLS certificates, in a single service, while taking advantage of a powerful, single-tenant environment that provides data isolation and can scale to your needs. Together with its growing list of security and compliance capabilities, the endpoints and connections between your applications and the public Internet are now more secure than ever with IBM Cloud.

Centralize your certificates with Secrets Manager

There are several exciting benefits to using Secrets Manager as a central repository for your TLS certificates. The data isolation that the service provides, in combination with its built-in encryption options for protecting secrets at rest, gives you the end-to-end data security that you need to host certificates of any sensitivity on IBM Cloud. 

If you’re a security admin or DevOps team contributor, you can accelerate your development and security strategy by taking advantage of the following Secrets Manager capabilities:

  • Centralize your secrets at scale: Manage a variety of secret types, including TLS certificates, from a single service.
  • Define access with secret groups: Assign granular access to a group of secrets in your instance so that you can control who on your team, or which service ID, has access to them. 
  • Create secrets dynamically: Limit the lifespan of your secrets by creating and leasing them on-demand as you use supported IBM Cloud services.
  • Protect your secrets at rest: Manage your own encryption with a root key in IBM Key Protect or IBM Cloud Hyper Protect Crypto Services to enhance the security of your stored secrets.
  • Monitor and audit activity: Track how users and applications interact with secrets in your instance by using IBM Cloud Activity Tracker.

As part of the latest release, you can use Secrets Manager to store existing certificates that are issued and signed by external certificate authorities. When support for notifications and requesting certificates from third-party certificate authorities becomes available, we’ll let you know so that you can start planning the next phase of your team’s Secrets Manager-powered story. Stay tuned!

Ready to get started?

New to Secrets Manager? Start by provisioning an instance of the service in the IBM Cloud console. Because a dedicated instance of the service is provisioned, it can take a few minutes. While you wait, you can continue to work elsewhere in IBM Cloud or you might consider learning more about the best practices for organizing secrets and assigning access.

If you’re working from an existing instance, you can go to Secrets > Add > SSL/TLS certificates to add your first certificate. Need help? Check out the IBM Cloud documentation for detailed information about using Secrets Manager to import your existing certificates.

Questions? Contact us

We’d love to hear from you. To send feedback, you can open a GitHub issue from a link at the top of any page in the documentation, open a support ticket, or reach out directly through email. 

If you’ve made it this far and have more questions about Secrets Manager, we’ve got you! Check out our introductory blog on Secrets Manager or take a look at the FAQs.
