copyright | lastupdated | keywords | subcollection |
---|---|---|---|
 | 2025-01-29 | Secrets Manager integrations, enable integration, create authorization, service to service, grant access between services, using Secrets Manager with other services, authorize Secrets Manager | secrets-manager |
{: #integrations}
With {{site.data.keyword.secrets-manager_full}}, you can save time with platform integrations that help you to dynamically create and retrieve secrets while you work with supported {{site.data.keyword.cloud_notm}} services.
{: shortdesc}
{: #available-integrations}
The following table lists the services that can be authorized to work with {{site.data.keyword.secrets-manager_short}}.
Service | Supports | Description |
---|---|---|
{{site.data.keyword.alb_full}} | Certificates | Centrally manage the SSL/TLS certificates that are required for load balancers to perform SSL offloading tasks. Create an authorization between VPC Infrastructure Services and {{site.data.keyword.secrets-manager_short}} to give a load balancer access to your certificates. Learn more about this integration. |
App Configuration | All secret types | A property value can be imported from {{site.data.keyword.secrets-manager_short}} into the App Configuration service. Learn more. |
API Connect | Certificates | Store your custom domain certificates in {{site.data.keyword.secrets-manager_short}}, then use certificate CRNs to bind with custom domains in API Gateway. |
Catalog management | Arbitrary secrets | Centrally manage the credentials for software in your private catalogs. Learn more about this integration. |
Continuous Delivery | Arbitrary secrets<br>IAM credentials | Centrally manage the credentials for your {{site.data.keyword.contdelivery_short}} toolchain. Create an authorization between Toolchain and {{site.data.keyword.secrets-manager_short}} to give a toolchain access to your secrets. Learn more about this integration. |
{{site.data.keyword.en_short}} | Arbitrary secrets<br>Certificates<br>IAM credentials<br>User credentials | Send notifications of events in {{site.data.keyword.secrets-manager_short}} to other users, or human destinations, by using email, SMS, or other supported delivery channels. Learn more about this integration. |
{{site.data.keyword.containershort}} | Arbitrary secrets<br>Certificates<br>IAM credentials<br>Key-value secrets<br>User credentials | Centrally manage Ingress subdomain certificates and other secrets for your Kubernetes clusters. Learn more about this integration. |
{{site.data.keyword.openshiftshort}} | Arbitrary secrets<br>Certificates<br>IAM credentials<br>Key-value secrets<br>User credentials | Centrally manage Ingress subdomain certificates and other secrets for your {{site.data.keyword.openshiftshort}} clusters. Learn more about this integration. |
{: caption="Available integrations" caption-side="top"}
Authorizing an {{site.data.keyword.cloud_notm}} service to access {{site.data.keyword.secrets-manager_short}}
{: #create-authorization}
To authorize a supported {{site.data.keyword.cloud_notm}} service to access your {{site.data.keyword.secrets-manager_short}} instance, you can create an authorization between the services. Be sure that you have the SecretsReader service role or higher on your {{site.data.keyword.secrets-manager_short}} instance.
1. In the console, click Manage > Access (IAM), and select Authorizations.
2. Click Create.
3. Select a source account for the authorization.
4. From the Source service list, select the service that you want to integrate with {{site.data.keyword.secrets-manager_short}}.
5. Specify whether you want the authorization for the source service to apply to all the instances that are associated with the account, only a specific instance, or instances that are only in a specific resource group.
6. From the Target service list, select {{site.data.keyword.secrets-manager_short}}.
7. Specify whether you want the authorization for the target service to apply to all the instances that are associated with the account, only a specific instance, or instances that are only in a specific resource group.
8. Select the required service access role.

   Some integrations might require a specific role. To understand which service role is needed, see the documentation for the service that you want to integrate with {{site.data.keyword.secrets-manager_short}}.
   {: note}

9. Click Authorize.
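
The scope and role selections in the steps above decide how far an authorization reaches, so it is worth reviewing existing authorizations against them. The following added example (not part of the original documentation) audits a list of authorization policy records for account-wide scope or unexpected roles. The record shape, the `secrets-manager`, `toolchain`, and `containers-kubernetes` service names, the role IDs, and all instance or policy IDs are assumptions or constructed sample values.

```python
# Assumed record shape: "subjects" (source) and "resources" (target) are lists of
# {"attributes": [{"name", "value"}]}; "roles" is a list of {"role_id": <CRN>}.
TARGET_SERVICE = "secrets-manager"                  # assumed serviceName value
SCOPE_KEYS = ("serviceInstance", "resourceGroupId")  # attributes that narrow scope

def _wrap(d):
    return [{"attributes": [{"name": k, "value": v} for k, v in d.items()]}]

def _policy(pid, source, target, role_id):
    return {"id": pid, "type": "authorization", "subjects": _wrap(source),
            "resources": _wrap(target), "roles": [{"role_id": role_id}]}

# Constructed sample data; every ID and instance name is a placeholder.
SAMPLE = [
    _policy("p-1", {"serviceName": "toolchain", "serviceInstance": "tc-inst-1"},
            {"serviceName": TARGET_SERVICE, "serviceInstance": "sm-inst-1"},
            "crn:v1:bluemix:public:secrets-manager::::serviceRole:SecretsReader"),
    _policy("p-2", {"serviceName": "containers-kubernetes"},
            {"serviceName": TARGET_SERVICE, "resourceGroupId": "rg-prod"},
            "crn:v1:bluemix:public:iam::::serviceRole:Manager"),
    _policy("p-3", {"serviceName": "toolchain"}, {"serviceName": "other-service"},
            "crn:v1:bluemix:public:iam::::serviceRole:Reader"),
]

def _attrs(blocks):
    return {a["name"]: a["value"] for b in blocks for a in b.get("attributes", [])}

def _scope(attrs):
    for key in SCOPE_KEYS:
        if attrs.get(key):
            return f"{key}={attrs[key]}"
    return "all instances"

def audit(policies, expected_roles=("SecretsReader",)):
    """Return one finding per authorization whose target is Secrets Manager."""
    findings = []
    for p in policies:
        src, tgt = _attrs(p["subjects"]), _attrs(p["resources"])
        if p.get("type") != "authorization" or tgt.get("serviceName") != TARGET_SERVICE:
            continue
        roles = [r["role_id"].rsplit(":", 1)[-1] for r in p["roles"]]
        issues = [f"{side} scope is all instances"
                  for side, a in (("source", src), ("target", tgt))
                  if _scope(a) == "all instances"]
        issues += [f"role {r} not in expected set" for r in roles if r not in expected_roles]
        findings.append({"id": p["id"], "source": src.get("serviceName"),
                         "source_scope": _scope(src), "target_scope": _scope(tgt),
                         "roles": roles, "issues": issues})
    return findings
```

Pass the roles that each integration's documentation requires as `expected_roles`; the default of `SecretsReader` alone is only a starting point for review.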
{: #next-steps-integration}
- Start integrating your services with {{site.data.keyword.secrets-manager_short}}.
- Check out this blog{: external} for details about how to begin using Terraform for {{site.data.keyword.containershort}} secret management with {{site.data.keyword.containerfull}} and {{site.data.keyword.secrets-manager_short}}.