General information about the Secrets Manager product
Secrets Manager is a single secure service for:
- storages secrets — sensitive data, such as logins, application and database passwords, SSH keys, API keys, and other sensitive data from Selectel or external services;
- administrations certificates Let's Encrypt® and TLS certificates, private key storage.
Secrets and certificates can be handled in control panels through Secrets Manager API or Terraform.
The product supports: user types and roles, projects.
Secrets
All sensitive data that you have added to the Secrets Manager is stored in a single repository. Only authorized users have access to the storage.
Secrets are stored in encrypted form (AES 256-GCM). TLS encryption is used in the transmission of extracted data — this provides protection against eavesdropping and data modification.
Sensitive data that is added to the secret manager can be configured to be accessed automatically from applications instead of being stored in the source code.
Available transaction history with secrets.
Certificates
In the secrets manager, you can store TLS certificates obtained from certificate authorities and self-signed certificates. For domains that are added to DNS hosting you can issue a Let's Encrypt® certificate with automatic updates.
Available certificate public key encryption algorithms are RSA and ECDSA.
You can download a certificate, intermediate certificate chain, root certificate, and private key.
Custom certificates can be used in cloud-based load balancer.
Available certificate transaction history.
Cost
The service is provided free of charge.