Secret Manager
Secure and manage your sensitive data with Secret Manager
With OVHcloud Secret Manager, you can securely store and manage sensitive data with confidence. Your secrets remain protected and seamlessly integrated into your applications. Centralized control, precise access management, and real-time audit logs through the OVHcloud Logs Data Platform help you strengthen security and streamline operations.
Easily secure and integrate your secrets
Enhanced security and availability
With advanced encryption mechanisms, Secret Manager protects your sensitive data while helping ensure high availability for secure, reliable access.
Centralized user management
Secret Manager provides centralized control for managing and securing your secrets, with access and role management in a single interface. Versioning helps you track changes over time.
Seamless integration
Easily integrate with your OVHcloud applications through secure APIs, helping ensure strong security and performance through trusted communication protocols.
Control and auditability
Secret Manager provides real-time and historical audit logs, giving you visibility and control while supporting compliance by tracking access and changes to your secrets.
Key features
Secure storage
Securely store sensitive information using advanced encryption and high availability, helping protect against unauthorized access.
Data model
Secrets are stored as versioned key-value objects with metadata, enabling safe updates, rollbacks, and controlled access patterns.
Audit tools
Secret Manager integrates with Logs Data Platform to track access and changes to secrets, supporting traceability, forensic analysis, and operational auditing.
Secret lifecycle management
Secret Manager enables centralized creation, versioning, rotation, and deletion of secrets, allowing controlled updates without requiring application redeployment.
Access control
Secret Manager integrates with OVHcloud IAM to provide fine-grained, role-based access control and support least-privilege access across users, services, and environments.
Technical specifications
Architecture
Secure and controlled storage based on the OKMS platform.
Supported APIs
HashiCorp Vault KV2-compatible
Compliance
Compliance with FIPS 140-3 and ISO 27001 security standards.
Encryption
Encryption using OVHcloud KMS-managed keys.
Guides
OVHcloud KMS Architecture
Understand how OVHcloud designs and maintains the resilience of the infrastructure used for OVHcloud KMS (Key Management Service).
Using Secret Manager in the OVHcloud Control Panel
Learn how to use Secret Manager in the OVHcloud Control Panel to securely store and manage secrets.
Using Secret Manager with the HashiCorp Vault-compatible API
Integrate secrets into applications and services using the HashiCorp Vault–compatible API.
Using Secret Manager with the REST API
Use the REST API to integrate secrets into applications and services.
Web applications
Secret Manager is designed to securely store and manage secrets such as SSH keys, database credentials, and API keys. Access and role management help decouple sensitive configuration from application code and simplify deployment and operations.
For example, it can handle 15 secrets and around 4,000 monthly requests for a web application requiring one load balancer, two web servers, two application servers, and one high-availability database server.
Kubernetes clusters
Secrets such as database credentials, API keys, and TLS certificates can be securely synchronized for Kubernetes clusters. Access and role management support dynamic, container-native secret delivery at scale.
For example, it can manage 7 secrets and around 500 monthly requests for an application with 5 pods.
Microservices
Ephemeral secrets, such as on-demand security tokens, can be securely managed for microservices. Access and role management support high-frequency access patterns in distributed microservices architectures.
For example, it can manage about 5 million secrets and 10 million monthly requests for a solution requiring security tokens for 80 microservices.
DevOps pipelines
DevOps pipelines often need to manage secrets such as API keys and database credentials. Secret Manager allows you to inject secrets at runtime without exposing them in pipeline configuration files or build logs.
For example, a CI/CD pipeline can use Secret Manager to manage 10 secrets and around 1,000 requests per month.
Frequently Asked Questions
What is a secret in OVHcloud Secret Manager?
A secret is sensitive information that requires special protection, such as database credentials, SSH keys used to connect to PCI instances or bare metal servers, OAuth tokens or API keys for machine authentication, or TLS certificates that secure communication between pods in a Kubernetes cluster.
How is OVHcloud Secret Manager priced?
The pricing model for OVHcloud Secret Manager is predictable and based on the number of secrets and versions stored. Prices vary by the region where the secret is stored.
Can I integrate OVHcloud Secret Manager with existing applications?
Yes, Secret Manager integrates with existing applications and services through user-friendly APIs and SDKs.
Can I use Secret Manager to manage secrets in multiple regions?
Yes, Secret Manager allows you to manage secrets across multiple regions.
What are the benefits of using OVHcloud Secret Manager?
OVHcloud Secret Manager provides enhanced security, centralized secret management, and seamless integration with applications. Integration with OVHcloud Identity and Access Management (IAM) allows you to define precise access rights and roles for users and groups. Audit logs help you track access and changes to secrets, improving visibility and security.
How can I access audit logs in Secret Manager?
Audit logs for Secret Manager are available through the OVHcloud Logs Data Platform.
Which APIs does OVHcloud Secret Manager support?
OVHcloud Secret Manager supports REST APIs and the HashiCorp Vault KV2–compatible API. These APIs allow you to create, read, update, and delete secrets, as well as manage access and roles. HashiCorp Vault compatibility also supports migration and interoperability. Refer to the API documentation for more details on available APIs and usage.


