Service Certificate – STACKIT Secrets Manager
STACKIT Secrets Manager
High level service description
STACKIT Secrets Manager ("Secrets Manager") is a managed service that provides a secure key-value store for sensitive data (such as passwords, configuration files and text). It enables the protection and management of secrets. The Secrets Manager provides an API that enables easy integration into applications and workflows. This allows source code and secrets to be kept separate and supports the implementation of compliance requirements. The Secrets Manager uses the open source project HashiCorp Vault, which provides extensive integration with various tools such as Kubernetes Secrets Operator, Ansible and Terraform.
- Storage of secrets according to security requirements (e.g., separation of source code and secrets)
- The customer can order a Secrets Manager quickly and easily using the self-service user interface in the STACKIT portal
- Secrets can be managed via a user-friendly configuration interface and API
- Traceability of changes through versioning of individual secrets
- High availability guarantees the safe operation of the Secrets Manager
- Pre-configured auto-update functions keep components up-to-date
The Secrets Manager automatically scales with the number of secrets and users; there are no fixed service plans.
The following limitations apply:
- the number of API accesses is limited to 10,000 accesses per hour
- up to 100 users can be created per Secrets Manager
- five versions are saved per secret
- Billing takes place by the hour according to the number of secrets, starting with a minimum of 50.
- Secrets Manager is considered available as long as the API and configuration interface are accessible at the service delivery point.
There is a system backup of configuration files and databases. The Secrets Manager saves the last five versions of a secret. These can be restored in self-service.
- The customer is responsible for the configuration of Secrets Manager (in particular the management of accounts)
- The following conditions also apply:
- https://github.com/hashicorp/vault/blob/main/LICENSE (Mozilla Public License 2.0)