Best practices for using Secrets Manager

Review the following suggested guidelines for implementing best practices around your secrets management with IBM Cloud® Secrets Manager.

  • IBM Cloud® Secrets Manager is a regional service. Provision Secrets Manager instances per region to spread your workloads and limit the blast radius in case of a regional outage.
  • Secrets Manager is a single-tenant service. CPU and memory limits are applied per Secrets Manager instance, and those limits restrict the API request rate depending on the usage pattern. As a rule of thumb, keep the rate below 20 req/s. Additionally, limit the number of unique clients that make requests to a single Secrets Manager instance.
  • Use Secrets Manager as cold storage. Apply caching and throttling to regulate the rate of requests to a Secrets Manager instance.
  • If requests fail with timeouts or with HTTP status code 429 or 503, retry with exponential backoff, staying within the described rate limits.
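
The caching, throttling and backoff guidance above can be combined in one client-side wrapper. The following is an added example, not IBM's code or SDK: `SecretCache` and the `fetch(secret_id)` callable (returning `(http_status, value)` and raising `TimeoutError`) are hypothetical, and the TTL, rate and delay defaults are assumptions.

```python
import random
import time

RETRYABLE = {429, 503}   # status codes the guidance says to retry
MAX_RATE = 20.0          # req/s rule of thumb from the guidance

class SecretCache:
    """TTL cache, request pacing and backoff around a caller-supplied fetch().

    fetch(secret_id) is hypothetical: it returns (http_status, value) and
    raises TimeoutError on a timeout. It stands in for the real API client.
    """
    def __init__(self, fetch, ttl=300.0, rate=10.0, max_retries=5,
                 base_delay=0.5, max_delay=30.0,
                 clock=time.monotonic, sleep=time.sleep):
        if not 0 < rate < MAX_RATE:
            raise ValueError("rate must be above 0 and below 20 req/s")
        self.fetch, self.ttl, self.interval = fetch, ttl, 1.0 / rate
        self.max_retries, self.base_delay, self.max_delay = max_retries, base_delay, max_delay
        self.clock, self.sleep = clock, sleep
        self._cache = {}        # secret_id -> (expires_at, value), memory only
        self._next_slot = 0.0   # earliest time the next request may go out

    def _wait_for_slot(self):
        # Pace every request, retries included, so retries stay within the rate.
        wait = self._next_slot - self.clock()
        if wait > 0:
            self.sleep(wait)
        self._next_slot = max(self.clock(), self._next_slot) + self.interval

    def get(self, secret_id):
        hit = self._cache.get(secret_id)
        if hit and hit[0] > self.clock():
            return hit[1]                      # served locally, no API call
        for attempt in range(self.max_retries + 1):
            self._wait_for_slot()
            try:
                status, value = self.fetch(secret_id)
            except TimeoutError:
                status, value = None, None     # timeouts are retried like 429/503
            if status == 200:
                self._cache[secret_id] = (self.clock() + self.ttl, value)
                return value
            if status is not None and status not in RETRYABLE:
                raise RuntimeError(f"non-retryable status {status}")
            if attempt < self.max_retries:
                cap = min(self.max_delay, self.base_delay * 2 ** attempt)
                self.sleep(random.uniform(0, cap))   # exponential backoff, full jitter
        raise RuntimeError("retries exhausted")
```

Pick a TTL shorter than the secret's rotation interval so a rotated value is picked up, and share one wrapper per process so the pacing applies to all callers.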