Secret Manager

Q: What is the pricing model of the Secret Manager service?

The pricing model of the Secret Manager service is predictive and based on the number of secrets stored. Prices are set according to the region where the secret is stored. You can check our pricing page for more information on current rates.

Securely manage your sensitive data with Secret Manager

OVHcloud’s Secret Manager allows you to securely store your secrets and enables OVHcloud applications and services to automatically retrieve them while managing versions, access management, and logging. This provides you with a higher level of security for your applications and CI/CD processes.

Enhanced security for your sensitive information
Centralised and controlled secrets management
Seamless integration with your applications and services
Secrets archiving
Native integration with OVHcloud IAM for precise control over who can manage or access each secret
Real-time and historical audit logs available via OVHcloud Logs Data Platform

End of Beta: 15 December 2025
Free during the beta phase
Availability: Global (except for eu-west-eri, eu-central-waw and ap-south-mum)

Order now

Easily secure and integrate your secrets

Enhanced security and availability

With advanced encryption mechanisms, Secret Manager aims to protect your sensitive information from unauthorised access. Our storage architecture also offers high availability (HA), allowing you to access your secrets under enhanced security measures.

Centralised user management

Secret Manager allows you to manage your secrets in a centralised and controlled way, with access and role management features to improve security and compliance. You can store, manage, and secure your secrets in one place, and use versioning features to track any changes.

Seamless integration

Thanks to user-friendly APIs, Secret Manager offers easy and seamless integration with your existing OVHcloud applications and services, without compromising on security or performance. Secure communication protocols enhance the confidentiality and integrity of your secrets.

Control and auditability

Secret Manager offers logging and reporting features to increase control and compliance. Real-time and historical audit logs allow you to track changes and access to your secrets.

Key features

Regionalisation

Secret Manager allows you to store your secrets in a specific region to meet data sovereignty requirements.

Secure storage

Secret Manager stores your sensitive information securely and in a controlled manner, with advanced encryption mechanisms to protect your secrets from unauthorised access. Our storage architecture is also designed to provide high availability (HA), ensuring that you can access your secrets at all times.

Compliance

Secret Manager is designed to meet the compliance requirements of various standards and regulations, including FIPS 140-3 and ISO 27001 (and soon PCI-DSS, HDS, and CSPN).

Integration with other products

Secret Manager integrates with other OVHcloud products to provide a seamless and secure secrets management experience.

Access control

Secret Manager integrates OVHcloud IAM and offers granular access control for your secrets, with access and role management features to enhance security and compliance.

Audit

Secret Manager integrates Logs Data Platform and offers auditing features to track access and changes made to your secrets, to enhance security and compliance.

SPECIFICATIONS

Technical characteristics

Architecture

Secure and controlled storage, based on the OKMS platform.

Supported APIs

REST API and Hashicorp Vault KV2 compatible API for migration reversibility.

Encryption

Secrets are encrypted with a key managed through its OVHcloud KMS service.

Integrations

Integration with existing applications and services.

Availability

Regional availability for secrets sovereignty.

Certifications

Compliance with FIPS 140-2 and ISO27001 security standards.

Ready to get started?

Create an account and launch your services in minutes

Get £175 in free credit to launch your first Public Cloud project

Get started now

Guides

OVHcloud KMS Architecture

This guide explains how we manage the resilience of the KMS key management service at OVHcloud.

Find out more

Using Secret Manager in the OVHcloud Control Panel

Learn how to use Secret Manager in the OVHcloud Control Panel to securely store and manage your secrets.

Find out more

Using Secret Manager with the Hashicorp Vault compatible API

Integrate your secrets into your applications and services by learning to use Secret Manager with the Hashicorp Vault-compatible API.

Find out more

Using Secret Manager with the REST API

Learn to use Secret Manager with the REST API to integrate your secrets into your applications and services.

Find out more

Use cases

See more use cases

Secure secrets management for web applications

Web applications often require storing secrets such as SSH keys, database credentials, and API keys. Secret Manager allows you to store these secrets in a secure and controlled way, with access and role management features to enhance security and compliance.
For example, a web application requiring one Load Balancer, two web servers, two application servers, and one high-availability database server can use Secret Manager to manage 15 secrets and around 4,000 requests per month.

Secrets management for Kubernetes clusters

Kubernetes clusters often need to manage secrets such as database credentials, API keys, and TLS certificates. Secret Manager allows you to synchronise these secrets in a secure and controlled way, with access and role management features to enhance security and compliance.
For example, an application with five pods that need to interact together can use Secret Manager to manage seven secrets and about 500 requests per month.

Ephemeral secrets management for microservices

Microservices often need to manage ephemeral secrets such as security tokens generated on demand. Secret Manager allows you to manage these ephemeral secrets in a secure and controlled way, with access and role management features to enhance security and compliance.
For example, a custom solution requiring security tokens for 80 microservices can use Secret Manager to manage 5 million secrets and around 10 million requests per month.

Secrets management for CI/CD pipelines

CI/CD pipelines often need to manage secrets such as API keys and database credentials. Secret Manager allows you to store these secrets in a secure and controlled way, with access and role management features to enhance security and compliance.
For example, a CI/CD pipeline can use Secret Manager to manage 10 secrets and around 1,000 requests per month.

Related products

Identity and Access Management (IAM)

Securely manage the identities of your users and applications, as well as their permissions through a single interface for all of your services.

Logs Data Platform

Collect, store and view your logs.

Key Management Service

Elevate your security and efficiently manage your encryption keys with OVHcloud’s Key Management Service (KMS).

Your questions answered

What is a secret?

A secret is sensitive information that requires special protection, such as database login credentials (username and password), SSH keys to connect to PCI instances or Bare Metal servers, OAuth tokens or API keys for machine authentication, or TLS certificates to secure communication between pods in a Kubernetes cluster.

What is the pricing model of the Secret Manager service?

The pricing model of the Secret Manager service is predictive and based on the number of secrets stored. Prices are set according to the region where the secret is stored. You can check our pricing page for more information on current rates.

Can I integrate Secret Manager with my existing applications and services?

Yes, Secret Manager offers easy and seamless integration with your existing applications and services, thanks to user-friendly APIs and SDKs.

Can I use Secret Manager to manage secrets in multiple regions?

Yes, Secret Manager allows you to manage secrets across multiple regions to meet data sovereignty requirements.

What are the benefits of using Secret Manager?

The benefits of using Secret Manager include enhanced security, centralised secret management, seamless integration with applications, and the ability to audit access to secrets. Thanks to integration with OVHcloud IAM, you can manage access and rights to your secrets in a detailed and precise way, by defining specific roles and permissions for each user or user group. This allows you to control who can access your secrets and limit the risk of data leaks. What’s more, the Secret Manager audit logs allow you to track changes and access to your secrets for better visibility and security.

How can I access Secret Manager’s audit logs?

The Secret Manager audit logs are accessible via the OVHcloud logs platform.

What APIs are available to integrate Secret Manager with my applications and services?

Secret Manager offers REST APIs and Hashicorp Vault KV2 to integrate the service with your existing applications and services. These APIs allow you to create, read, update, and delete secrets, as well as manage access and roles. The Hashicorp API support also allows migration to the Secret Manager to be reversed, giving you the flexibility to choose the secrets management service that best suits your needs. You can refer to our API documentation for more information on the available APIs and their usage.

Will the Beta service cost anything?

No, the Beta version is free.

Can I use the Beta for production data?

Although the Beta aims to meet final security and quality standards, OVHcloud cannot guarantee that data will not be lost during the Beta phase. We therefore strongly recommended not to use the Beta for production data.