Getting started with Secrets Manager
This tutorial focuses on storing and managing a username and password in IBM Cloud® Secrets Manager. With Secrets Manager, you can create, lease, and centrally manage secrets that are used in IBM Cloud services or your custom-built applications. Secrets are stored in a dedicated Secrets Manager instance, built on open source HashiCorp Vault.
Looking for a different secret type? You can also create Identity and Access Management (IAM) credentials to access an IBM Cloud resource, or you can add arbitrary secrets that can hold structured or unstructured data.
Before you begin
Before you begin, be sure to create a Secrets Manager service instance in your IBM Cloud account. To complete this tutorial, you need the Manager service role or higher.
Choose a type of secret
You can get started with Secrets Manager by choosing the type of secret that is required by the resource that you want to access. A secret is sensitive information, such as a password or an API key, that is used by an application to access a protected resource. For this tutorial, complete the following steps to select a secret that contains a username and password.
- In the console, go to Menu > Resource List.
- From the list of services, select your instance of Secrets Manager.
- In the Secrets table, click Add.
- Select the User credentials tile.
You're all set to enter the details of your new secret. To describe and store your secret, continue to the next step.
Store the secret securely
When you're working with secrets, it's important to organize them in a single location to help reduce the risk of compromised credentials. By storing a secret in Secrets Manager, you can manage a secret centrally, use secret groups to control access, and avoid coding it directly into your apps or version control systems. A secret group is the environment and constraints that contained secrets in an instance must adhere to. A user can be associated with a secret group to enable access and collaboration.
Complete the following steps to enter the details of a secret and store it securely in your instance.
- In the Add user credentials page, add a name and description to easily identify your secret.
- Add the secret to a group to control who on your team has access to it.
  You can click Create to provide a name and a description for a new group. Later, you can assign an access policy to the group so that you control who on your team has access to its contained secret.
- Optional: Add labels to help you to search for similar secrets in your instance.
- Supply the username and password values that you want to associate with the secret.
- Optional: Set an expiration date for the secret.
- Click Add.
You did it! The username and password are now stored in your dedicated, single-tenant instance of Secrets Manager.
Manage its lifecycle
After you add a secret to your instance, you can establish a regular cadence for managing its lifecycle. For example, you might need to adhere to an internal requirement or regulatory control in your business for rotating secrets every 30 days.
- In the Secrets table, click the Actions menu to open a list of options for your secret.
- To view and edit details about the secret, click Edit details.
- To rotate the secret, click Rotate.
- If you no longer need the secret, click Delete.
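To check a rotation requirement such as the 30-day example across many secrets, you can audit an inventory of secret metadata. The following is an added example, not IBM code and not the Secrets Manager API: the record fields (`name`, `last_rotated`, `expires`), the 7-day warning window, and the sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

ROTATION_MAX_AGE = timedelta(days=30)  # the 30-day rotation requirement used as the example
EXPIRY_WARNING = timedelta(days=7)     # assumption: warn one week before expiration

# Constructed inventory; field names are hypothetical, not the Secrets Manager schema.
SAMPLE_INVENTORY = [
    {"name": "db-admin", "last_rotated": "2024-06-01T00:00:00+00:00",
     "expires": "2024-12-31T00:00:00+00:00"},
    {"name": "ci-deploy", "last_rotated": "2024-05-01T00:00:00+00:00",
     "expires": None},
    {"name": "legacy-ftp", "last_rotated": "2024-06-10T00:00:00+00:00",
     "expires": "2024-06-18T00:00:00+00:00"},
    {"name": "old-report", "last_rotated": "2024-03-01T00:00:00+00:00",
     "expires": "2024-06-01T00:00:00+00:00"},
]

def audit_secret(record, now):
    """Return lifecycle findings for one record; `now` must be timezone-aware."""
    findings = []
    last_rotated = datetime.fromisoformat(record["last_rotated"])
    if now - last_rotated > ROTATION_MAX_AGE:
        findings.append("rotation-overdue")
    expires = record.get("expires")
    if expires is None:
        findings.append("no-expiration")  # expiration is optional, so surface its absence
    else:
        remaining = datetime.fromisoformat(expires) - now
        if remaining <= timedelta(0):
            findings.append("expired")
        elif remaining <= EXPIRY_WARNING:
            findings.append("expires-soon")
    return findings

def audit_inventory(records, now):
    """Map secret name -> findings, omitting secrets with nothing to report."""
    report = {}
    for record in records:
        findings = audit_secret(record, now)
        if findings:
            report[record["name"]] = findings
    return report

if __name__ == "__main__":
    as_of = datetime.fromisoformat("2024-06-15T00:00:00+00:00")  # fixed date for a repeatable run
    for name, findings in audit_inventory(SAMPLE_INVENTORY, as_of).items():
        print(f"{name}: {', '.join(findings)}")
```

Secrets that appear in the report are candidates for the Rotate or Delete actions in the console.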
Next steps
Now you can add more secrets and design a secrets management strategy to control who has access to them.
- To find out more about organizing secrets, check out Best practices for organizing secrets and assigning access.