Secret Manager
Secret Manager keeps sensitive values — API keys, database passwords, tokens — out of your code and config files. Secrets live in stores, every update creates a new version you can roll back to, and applications read secrets through scoped access identities instead of sharing human credentials.
Concepts
Before you begin
- A verified IBEE Solutions organization — Secret Manager actions require identity verification (Verify your identity)
Create a store
Create the store
Click Create Store and fill in:
- Store name — e.g.
Payments. The store key is auto-generated from the name. - Description — optional.
The store appears in the list with its name, store key, status, and last-updated time. Click it to open the detail view with two tabs: Secrets and Access.
Create a secret
On the store’s Secrets tab, click Create Secret:
- Secret name — lowercase, e.g.
stripe-api. - Keys and values — one or more entries (e.g.
API_KEY=sk_live_...). Click + Add another key for more.
Row actions on each secret:
Grant application access
On the store’s Access tab, click Create Access:
After creation, use the row actions:
- Login Details — shows the credentials your app authenticates with (Role ID and Secret ID for AppRole; namespace and service account for Kubernetes). From here you can Rotate secret ID (AppRole) or Revoke sessions.
- Permissions — grant the identity access to additional stores, and optionally allow reading older versions, rolling back, or destroying versions (write permission required for the last two).
- Disable / Enable — temporarily block an identity without deleting it.
Archive, restore, and delete a store
From the store detail Actions menu:
- Archive blocks all access to the store until you Restore it.
- Delete permanently removes the store, its secrets, and its access entries. This cannot be undone.
Deleting a store deletes every secret and access identity inside it. Archive instead if you might need the store again.
