Integrations for Secrets Manager

With IBM Cloud® Secrets Manager, you can save time with platform integrations that help you to dynamically create and retrieve secrets while you work with supported IBM Cloud services.

Available integrations

The following table lists the services that can be authorized to work with Secrets Manager.

Table 1. Available integrations
| Service | Supports | Description |
| --- | --- | --- |
| Application Load Balancer for VPC | Certificates | Centrally manage the SSL/TLS certificates that are required for load balancers to perform SSL offloading tasks. Create an authorization between VPC Infrastructure Services and Secrets Manager to give a load balancer access to your certificates. Learn more about this integration. |
| App Configuration | All secret types | A property value can be imported from Secrets Manager into the App Configuration service. Learn more. |
| API Connect | Certificates | Store your custom domain certificates in Secrets Manager, then use certificate CRNs to bind with custom domains in API Gateway. |
| Catalog management | Arbitrary secrets | Centrally manage the credentials for software in your private catalogs. Learn more about this integration. |
| Continuous Delivery | Arbitrary secrets, IAM credentials | Centrally manage the credentials for your Continuous Delivery toolchain. Create an authorization between Toolchain and Secrets Manager to give a toolchain access to your secrets. Learn more about this integration. |
| Data Engine | Arbitrary secrets, IAM credentials | Store API keys for transferring messages between Event Streams, Data Engine and Cloud Object Storage. Learn more. |
| Event Notifications | Arbitrary secrets, Certificates, IAM credentials, User credentials | Send notifications of events in Secrets Manager to other users, or human destinations, by using email, SMS, or other supported delivery channels. Learn more about this integration. |
| Kubernetes Service | Arbitrary secrets, Certificates, IAM credentials, Key-value secrets, User credentials | Centrally manage Ingress subdomain certificates and other secrets for your Kubernetes clusters. Learn more about this integration. |
| Red Hat OpenShift on IBM Cloud | Arbitrary secrets, Certificates, IAM credentials, Key-value secrets, User credentials | Centrally manage Ingress subdomain certificates and other secrets for your Red Hat OpenShift on IBM Cloud clusters. Learn more about this integration. |

Authorizing an IBM Cloud service to access Secrets Manager

To authorize a supported IBM Cloud service to access your Secrets Manager instance, you can create an authorization between the services. Be sure that you have the SecretsReader service role or higher on your Secrets Manager instance.

  1. In the console, click Manage > Access (IAM), and select Authorizations.

  2. Click Create.

  3. Select a source account for the authorization.

  4. From the Source service list, select the service that you want to integrate with Secrets Manager.

  5. Specify whether you want the authorization for the source service to apply to all the instances that are associated with the account, only a specific instance, or instances that are only in a specific resource group.

  6. From the Target service list, select Secrets Manager.

  7. Specify whether you want the authorization for the target service to apply to all the instances that are associated with the account, only a specific instance, or instances that are only in a specific resource group.

  8. Select the required service access role.

    Some integrations might require a specific role. To understand which service role is needed, see the documentation for the service that you want to integrate with Secrets Manager.

  9. Click Authorize.
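
The scope choices in steps 5 and 7 decide how far an authorization reaches, so it is worth reviewing existing authorizations for grants that cover every Secrets Manager instance in the account. The following is an added example, not code from IBM: it assumes that authorization policies have been exported as JSON in the shape used by the IAM Policy Management API (`subjects`, `resources` and `roles`, with name/value attributes such as `serviceName`, `serviceInstance` and `resourceGroupId`), and the sample policies, IDs and role CRN form are constructed placeholders.

```python
TARGET_SERVICE = "secrets-manager"

def _attrs(entries):
    """Flatten [{'attributes': [{'name': ..., 'value': ...}]}] into one dict."""
    return {a["name"]: a["value"]
            for e in entries for a in e.get("attributes", [])}

def _scope(attrs):
    """Map attributes to the three scope choices offered in steps 5 and 7."""
    if "serviceInstance" in attrs:
        return "instance"
    if "resourceGroupId" in attrs:
        return "resource-group"
    return "all-instances"

def audit(policies):
    """Return one finding per authorization whose target is Secrets Manager.

    'broad' is True when the grant reaches every instance in the account."""
    findings = []
    for p in policies:
        if p.get("type") != "authorization":
            continue  # user/access-group policies are out of scope here
        src, dst = _attrs(p.get("subjects", [])), _attrs(p.get("resources", []))
        if dst.get("serviceName") != TARGET_SERVICE:
            continue
        findings.append({
            "id": p.get("id"),
            "source": src.get("serviceName"),
            "source_scope": _scope(src),
            "target_scope": _scope(dst),
            "roles": [r["role_id"].rsplit(":", 1)[-1] for r in p.get("roles", [])],
            "broad": _scope(dst) == "all-instances",
        })
    return findings

# Constructed sample policies; IDs, GUIDs and the role CRN form are placeholders.
ROLE = "crn:v1:bluemix:public:secrets-manager::::serviceRole:SecretsReader"
SAMPLE = [
    {"id": "policy-1", "type": "authorization", "roles": [{"role_id": ROLE}],
     "subjects": [{"attributes": [{"name": "serviceName", "value": "containers-kubernetes"},
                                  {"name": "serviceInstance", "value": "cluster-guid-placeholder"}]}],
     "resources": [{"attributes": [{"name": "serviceName", "value": "secrets-manager"},
                                   {"name": "serviceInstance", "value": "sm-guid-placeholder"}]}]},
    {"id": "policy-2", "type": "authorization", "roles": [{"role_id": ROLE}],
     "subjects": [{"attributes": [{"name": "serviceName", "value": "toolchain"}]}],
     "resources": [{"attributes": [{"name": "serviceName", "value": "secrets-manager"}]}]},
]
```

Findings with `broad` set to `True` are candidates for re-creating with a specific instance or resource group selected in step 7.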

Next steps

  • Start integrating your services with Secrets Manager.
  • Check out this blog for details about how to begin using Terraform for secret management with IBM Cloud® Kubernetes Service and Secrets Manager.