Skip to content

Introduction to the Secrets Store Service

The Secrets Store service provides a secure, centralized, and highly available vault for storing and managing your application secrets, such as API keys, tokens, passwords, and certificates. This service acts as the single source of truth for all your sensitive data, protecting it with strong encryption and strict access controls.

Storing secrets securely is a fundamental need for any modern application. This service provides a dedicated, purpose-built solution that is more secure than storing secrets in configuration files, environment variables, or Git repositories.

Our managed Secrets Store service is built on OpenBao, an open-source, community-driven fork of the popular HashiCorp Vault project.

Service Models

To meet the diverse needs of our customers, we offer two distinct models for consuming the Secrets Store service:

  1. Shared Secrets Store: For workloads running in our own data centers, you can use our shared, multi-tenant OpenBao cluster. This provides a secure and cost-effective way to manage secrets for your applications, with logical separation between tenants.
  2. Dedicated Secrets Store: For customers who require a dedicated, single-tenant environment, we offer a fully managed, dedicated OpenBao cluster. This provides the highest level of isolation and is ideal for organizations with stringent security and compliance requirements.

This service is the ideal backend for the Secrets Service, which synchronizes the secrets from this store into your Kubernetes cluster.

Features

  • Centralized Secrets Management: Store and manage all your secrets in one secure, central location, providing a single source of truth for your entire application landscape.
  • Strong Encryption: All secrets are encrypted at rest and in transit, ensuring that your sensitive data is always protected.
  • Fine-Grained Access Control: Use policies to define granular permissions, controlling exactly who and what can access your secrets.
  • Detailed Audit Logs: A comprehensive audit log provides a detailed, immutable record of all access and operations, helping you meet your security and compliance requirements.
  • High Availability: The service is deployed in a highly available, clustered configuration to ensure that your secrets are always accessible to your applications.
  • Fully Managed: We handle the setup, configuration, maintenance, and 24/7 operation of the OpenBao cluster, so you can focus on your applications.

Tip

For general information about pricing, legal or support concerning the platform, services or components, consult your contract or see the contact page.