What is a secrets engine?
Secrets engines are components in IBM Cloud® Secrets Manager that are used to process operations for secrets of different types.
Learning about engine configurations
In Secrets Manager, a secrets engine serves as the back end for a specific type of secret, such as a password or an API key. Depending on its type, a secrets engine can store data, generate secrets on demand, and more.
Some engines require a configuration before you can enable them for your instance. For example, when you try to order SSL/TLS certificates or create IAM credentials for the first time, a message is displayed to show that an engine configuration is required.
What's in a configuration?
Engine configurations that you add to your instance contain the properties that the service can use to enable operations for a secret type. For example, if you define certificate authority (CA) and DNS provider configurations for your instance, you can use Secrets Manager to order public certificates (public_cert).
Check out the following image to see how a configuration is structured.
- The name and type fields hold identifying information about a configuration.
- The config object contains the actual configuration details.

When you use the Secrets Manager API to set the configuration of a secret type, the properties that you add to the config object differ depending on the type of configuration that you are adding. For example, the following truncated example shows how the configuration model is represented for a certificate authority (CA) configuration.

    {
      "name": "my-lets-encrypt-config",
      "type": "letsencrypt",
      "config": {
        "private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANB...(redacted)"
      }
    }
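Because the config object of a CA configuration carries private key material, a configuration document should be redacted before it is logged or attached to a ticket. The following Python is an added example, not IBM's code or part of the original page: it checks the name/type/config envelope described above and replaces key material at any nesting depth. The sensitive-property list, the [REDACTED] marker and the function names are assumptions, and the sample document is constructed.

```python
import json
import re

# Start marker of any PEM private-key block (PKCS#8, RSA, EC, encrypted).
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Assumption: property names whose values are always treated as secret.
SENSITIVE_KEYS = {"private_key"}


def check_envelope(doc):
    """Return a list of problems with the name/type/config envelope."""
    if not isinstance(doc, dict):
        return ["configuration must be a JSON object"]
    problems = []
    for field in ("name", "type"):
        if not isinstance(doc.get(field), str) or not doc[field]:
            problems.append(f"'{field}' must be a non-empty string")
    if not isinstance(doc.get("config"), dict):
        problems.append("'config' must be an object")
    return problems


def redact(value, key=None):
    """Return a copy with secret values replaced, at any nesting depth."""
    if key in SENSITIVE_KEYS:
        return "[REDACTED]"
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str) and PEM_PRIVATE_KEY.search(value):
        return "[REDACTED]"
    return value


def safe_log_line(raw_json):
    """Validate a configuration document and return a loggable JSON string."""
    doc = json.loads(raw_json)
    problems = check_envelope(doc)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(redact(doc), sort_keys=True)


# Constructed sample: name and type from the page, key body is a placeholder.
SAMPLE = json.dumps({
    "name": "my-lets-encrypt-config",
    "type": "letsencrypt",
    "config": {"private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER"},
})

if __name__ == "__main__":
    print(safe_log_line(SAMPLE))
```

The PEM pattern also catches key material that ends up under a property name not listed in SENSITIVE_KEYS, such as a key pasted into a free-text field.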
How do I get started?
To get started with secrets, you can go to the Secrets engines page of the Secrets Manager UI, or check out the API reference to learn more about managing secret types programmatically.