OVHcloud Secret Manager

New

OVHcloud Secret Manager

Explore the new OVHcloud Secret Manager to securely manage your Secrets.

 

🗓️ Beta ends: January 15, 2026
💸 Free during Beta
🌍 localization:  Worldwide

 

OVHcloud Secret Manager

Discover OVHcloud Secret Manager

The OVHcloud Secret Manager is a new managed service in the Data Security suite, designed to:

  • Protect your Secrets (credentials, API keys, etc.) and minimize the risk of theft or loss.

  • Use them securely in your own applications or OVHcloud services through a fully managed interface

  • Control, automate, and log all access to these secrets

data-security

OVHcloud will soon launch its new Secret Manager service.
This service enables dynamic retrieval of Secrets, removing the need to store sensitive data directly within your applications.
It also provides full access control via native integration with OVHcloud Identity and Access Management (IAM) and comprehensive audit logs through OVHcloud Logs Data Platform.

To ensure full service portability and reversibility, OVHcloud Secret Manager offers two sets of APIs:

  • An API compatible with the HashiCorp Vault KV2 interface, making it easy to migrate between Vault/Secret Managers

  • A REST API similar to OVHcloud Key Management Service (KMS), supporting hybrid use cases involving both KMS and Secret Manager

The roadmap for OVHcloud Secret Manager is available on GitHub: https://github.com/orgs/ovh/projects/16/views/11

Use it now!

How does it work?

A Secret stored in OVHcloud Secret Manager consists of a set of one or more key/value pairs.
Each Secret change creates a new version, allowing you to review or revert to previous values of a same Secret.

You can retrieve the content of a Secret in JSON format via the OVHcloud Control Panel or API, and use it in any application, script, or automation.

The native IAM integration allows fine-grained control over who can manage or access each Secret.
In addition, real-time and historical audit logs are available via the OVHcloud Logs Data Platform.

 

Overview


 

How does OVHcloud aim to keep your Secrets safe?

OVHcloud Secret Manager is built on the same backend as OVHcloud Key Management Service (KMS).

All Secrets are encrypted with a key managed by OVHcloud KMS, offering the same security and availability as other KMS-managed keys.
The Secret Manager shares the same region availability and replicated architecture as KMS, detailed here:
https://help.ovhcloud.com/csm/en-kms-architecture?id=kb_article_view&sysparm_article=KB0063349

What’s next on the roadmap?

Upcoming features:

  • Ability to choose the encryption key

  • Secret rotation notifications

  • Multi-region Secret support

FAQ

Will the Beta service be charged?

No, the beta version is free of charge.

What certifications are planned?

The Secret Manager service will share certifications with OVHcloud KMS: ISO27001, FIPS 140-2, CSPN (planned).

Can I use the Beta for production data?

 

While the Beta aims to meet final security and quality standards, OVHcloud cannot guarantee data will not be lost during the Beta phase.

  • Alpha
  • Beta
  • General Availability