Skip to main content
General information about the Secrets Manager product
Last update:

General information about the Secrets Manager product

Secrets Manager is a single secure service for:

  • storing secrets of sensitive data: logins, application and database passwords, SSH keys, API keys and other sensitive data from Selectel or external services;
  • certificate management: Let's Encrypt® and TLS certificates, private key storage.

Secrets and certificates can be handled in the Control Panel or through the Secrets Manager API.

The product supports user types and roles.


Sensitive data is stored in the secret manager in encrypted form (AES 256-GCM). TLS encryption is used in the transmission of extracted data — this provides protection against eavesdropping and data modification.

You don't have to store sensitive data in the source code, but rather set it to be automatically accessed from applications.

All secrets are stored in a single repository that only authorized users have access to.

The history of secrets operations is available.


You can store TLS certificates obtained from certificate authorities and self-signed certificates in the secrets manager. You can issue a Let's Encrypt® certificate with automatic renewal.

Available certificate public key encryption algorithms are RSA and ECDSA.

You can download a certificate, intermediate certificate chain, root certificate, and private key. The certificate can be used in cloud load balancer.

The certificate operations history is available.


The service is in beta testing mode and is free of charge.

We will notify you in advance about the inclusion of the product payment.