Understanding data portability

Data PortabilityThe ability of a service or workload to recover from rare, major incidents and wide-scale failures, such as service disruption. This includes a physical disaster that affects an entire region, corruption of a database, or the loss of a service contributing to a workload. The impact exceeds the ability of the high availability design to handle it. involves a set of tools, and procedures that enable customers to export the digital artifacts that would be needed to implement similar workload and data processing on different service providers or on-prem software. It includes procedures for copying and storing the service customer's content, including the related configuration used by the service to store and process the data, on customer's own location.

Responsibilities

IBM Cloud services provide interfaces and instructions to guide the customer to copy and store the service customer content, including the related configuration, on their own selected location.

The customer then is responsible for the use of the exported data and configuration for the purpose of data portability to other infrastructures. This can involve:

the planning and execution for setting up alternate infrastructure on on different cloud providers or on-prem software that provide similar capabilities to the IBM services
the planning and execution for the porting of the required application code on the alternate infrastructure, including the adaptation of customer's application code, deployment automation, etc.
the conversion of the exported data and configuration to format required by the alternate infrastructure and adapted applications

To find out more about responsibility ownership for using IBM Cloud® products between IBM and customer see Shared responsibilities for IBM Cloud products.

For more information about your responsibilities when using Secrets Manager, see Shared responsibilities for Secrets Manager.

Data export procedures

Secrets Manager provides mechanisms to export your content that uploaded, stored, and processed using the service.
All data available within the service can be accessed using the Secrets Manager service APIs as described in the API documentation.

To export a secret group use the Get a secret group REST API.
To export a secret use the Get a secret REST API.
To export a secret engine configuration use the Get a configuration REST API.

Exported data formats

The format of the data exported from the Secrets Manager service APIs is JSON.
The schema of the exported data is described in the Secrets Manager service API documentation.

Swagger UI.

Non exportable data

The private keys that are internally created to sign Root and Intermediate Certificate Authorities when using the Private Certificate engine are not exportable for security reasons. Use Private Certificate with HPCS Key management service to reuse your own private keys in HPCS.

Data onwership

All exported data are classified as Customer content and therefore appliy to them the full customer ownership and licensing rights, as stated in IBM Cloud Service Agreement.