General information about the Secrets Manager product
Secrets Manager is a single secure service for:
- storing secrets — sensitive data such as logins, application and database passwords, SSH keys, API keys and other sensitive data from Servercore or external services;
- certificate management: Let's Encrypt® and TLS certificates, private key storage.
Secrets and certificates can be handled in the control panel, via the Secrets Manager API.
The product supports: user types and roles, projects.
Secrets
All sensitive data that you have added to the Secrets Manager is stored in a single repository. Only authorized users have access to the storage.
Secrets are stored in encrypted form (AES 256-GCM). TLS encryption is used in the transmission of extracted data — this provides protection against eavesdropping and data modification.
Sensitive data that is added to the secret manager can be configured to be accessed automatically from applications instead of being stored in the source code.
The history of secret operations is available.
Certificates
You can store TLS certificates obtained from certificate authorities and self-signed certificates in the Secrets Manager. For domains that are added to DNS hosting, you can issue a Let's Encrypt® certificate with automatic renewal.
Available certificate public key encryption algorithms are RSA and ECDSA.
You can download a certificate, intermediate certificate chain, root certificate, and private key.
Custom certificates can be used in a cloud load balancer.
The history of certificate transactions is available.
Cost
The service is provided free of charge.