Best practices for using Secrets Manager

Review the following guidelines for managing your secrets with IBM Cloud® Secrets Manager.

  • IBM Cloud® Secrets Manager is a regional service. Provision Secrets Manager instances per region to spread your workloads and limit the impact of a regional outage.
  • Secrets Manager is a single-tenant service. CPU and memory limits are applied per Secrets Manager instance, and those limits restrict the API request rate that an instance can sustain, depending on the usage pattern. As a rule of thumb, keep the rate below 20 req/s. Additionally, limit the number of unique clients that make requests to a single Secrets Manager instance.
  • Use Secrets Manager as cold storage. Apply caching and throttling to regulate the rate of requests to a Secrets Manager instance.
  • During service failover, the service might be unavailable to requests for up to 30 seconds. Ensure that your application includes timeout handling and appropriate retry logic for read and write operations.
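
The following sketch combines the caching, throttling, and retry guidance above in one client-side wrapper. It is an added example, not IBM code: `fetch` is a hypothetical callable that stands in for your real Secrets Manager SDK call and is assumed to enforce its own timeout, and the 10 req/s per-client cap, 300-second TTL, and backoff values are assumptions chosen to stay under the 20 req/s guideline and to span the 30-second failover window.

```python
import time

class CachedSecretReader:
    """Wraps a fetch function with a TTL cache, a rate cap and failover retries."""

    def __init__(self, fetch, ttl=300.0, max_rate=10.0, retry_window=30.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.fetch = fetch                # hypothetical: secret_id -> secret value
        self.ttl = ttl                    # seconds a cached value is served
        self.min_gap = 1.0 / max_rate     # spacing that keeps calls under max_rate req/s
        self.retry_window = retry_window  # keep retrying this long (failover: up to 30 s)
        self.clock, self.sleep = clock, sleep
        self.cache = {}                   # secret_id -> (value, expiry time)
        self.next_slot = 0.0              # earliest time the next backend call may start

    def _throttled_fetch(self, secret_id):
        wait = self.next_slot - self.clock()
        if wait > 0:
            self.sleep(wait)              # too soon after the last call: wait for the slot
        self.next_slot = self.clock() + self.min_gap
        return self.fetch(secret_id)

    def get(self, secret_id):
        hit = self.cache.get(secret_id)
        if hit and hit[1] > self.clock():
            return hit[0]                 # cache hit: no request reaches the instance
        deadline = self.clock() + self.retry_window
        delay = 0.5
        while True:
            try:
                value = self._throttled_fetch(secret_id)
                break
            except (ConnectionError, TimeoutError):  # transient, e.g. during failover
                remaining = deadline - self.clock()
                if remaining <= 0:
                    raise                 # still failing after the whole retry window
                self.sleep(min(delay, remaining))
                delay = min(delay * 2, 8.0)          # exponential backoff, capped at 8 s
        self.cache[secret_id] = (value, self.clock() + self.ttl)
        return value
```

Choose a `ttl` shorter than your rotation interval so that a rotated secret is picked up promptly.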