IBM Cloud Secrets Manager Overview

Key Points

  • IBM Cloud Secrets Manager, built on open‑source HashiCorp Vault, provides a centralized, managed service for creating, storing, rotating, and revoking a wide range of secrets such as IAM API keys and user credentials.
  • The service integrates with other IBM Cloud offerings (e.g., private catalogs) to deliver in‑context secret retrieval and supports leasing to grant temporary access to applications or team members.
  • By operating as a fully managed, single‑tenant solution, it eliminates the need for customers to maintain Vault operators or underlying infrastructure while ensuring data is isolated and encrypted both at rest (using customer‑supplied root keys from IBM Key Protect) and in transit via TLS.
  • Secrets can be cryptographically deleted upon instance removal, giving enterprises confidence in data protection and compliance while maintaining development velocity in cloud‑native environments.

Full Transcript

**Source:** [https://www.youtube.com/watch?v=rOp7aGyavnk](https://www.youtube.com/watch?v=rOp7aGyavnk)
**Duration:** 00:02:49

## Sections

- [00:00:00](https://www.youtube.com/watch?v=rOp7aGyavnk&t=0s) **Introducing IBM Cloud Secrets Manager** - A brief overview of IBM Cloud Secrets Manager—an IBM‑managed, HashiCorp Vault‑based service that centralizes the secure generation, storage, rotation, revocation, and leasing of various secrets, integrates with IBM Cloud resources, and simplifies secret handling for developers and security teams.

## Full Transcript

0:00 Hi, I'm Alex Greer with the IBM Cloud team. Today I want to talk about IBM Cloud Secrets
0:04 Manager. But, before I get into it, don't forget to hit that "Subscribe" button!
0:09 As enterprises build more microservices and become globally distributed, securing your application
0:14 secret data becomes much more complex. As we saw before in my previous video, secrets management
0:20 services enable the secure management of digital credentials that ultimately allow entities
0:25 to securely interact with services. IBM Cloud Secrets Manager is a service based on open-source
0:31 HashiCorp Vault designed to securely manage the lifecycle of Secrets, such as IAM API Keys,
0:37 User credentials, or different forms of arbitrary text. This allows IT security leaders to dream big
0:44 about their cloud native application future without being concerned about data breaches
0:48 from mismanaged credentials, or losing velocity in their developer operations while securing secrets.
0:54 Secrets Manager centralizes the experience of generating, storing, rotating, and revoking
1:00 multiple types of secrets from a single pane of glass. Integrations with other services such
1:05 as your private catalogs in IBM Cloud enable the retrieval of your secrets in-context when
1:11 you need them, streamlining your workflows. Through leasing, it even allows for you to give
1:16 an application or a team member temporary access to a service to complete their respective task.
1:22 As a managed service, Secrets Manager offers much of the same benefit of an on-premise deployment of
1:28 Vault without the hassle of having to maintain its tricky operators, or manage and ultimately operate
1:33 its underlying infrastructure. This allows you to keep your desired security posture at scale,
1:39 while we take care of the rest. A critical element of Secrets Manager that makes it so powerful
1:45 is its unique trust model. Built for enterprises that have very little tolerance for any sort of
1:50 data vulnerabilities but need the velocity provided by the cloud. This model starts by
1:55 allowing you to seal your vault and encrypt all of your hosted secrets with your own root encryption
2:00 key. For example — one of your existing FIPS compliant keys from IBM Key Protect,
2:08 giving you ownership of your data. Next, your data is protected in transit through TLS — Your vault
2:15 as well as the UI and APIs you use to interact with it are all single-tenant. Meaning, your
2:21 data is isolated in your own dedicated silo and doesn’t rely on any shared components. And… should
2:28 you decide to delete your instance you have the peace of mind that your data is cryptographically
2:33 deleted. Thanks for listening to this introduction of IBM Cloud Secrets Manager. To get started
2:38 with improving the security of your secrets come check us out in the IBM Cloud catalog.