Skip to main content
DE / EN
Cloud / STACKIT / Products / STACKIT Secrets Manager - Secure Credential Management

STACKIT Secrets Manager - Secure Credential Management

STACKIT Secrets Manager: Secure management of API keys, passwords, certificates. Rotation, audit logs, 100% GDPR compliant.

Security
Get Expert Support Documentation
Pricing Model Per secret + API requests
Availability Germany (multi-AZ)
Data Sovereignty 100% German data centers
Reliability 99.99% availability SLA

What is STACKIT Secrets Manager?

STACKIT Secrets Manager is a fully managed service for secure storage of sensitive data such as API keys, passwords, certificates, and configuration parameters. All secrets are encrypted with AES-256-GCM and keys are managed via STACKIT KMS. The service runs exclusively in German data centers for complete GDPR compliance.

Core Features

  • AES-256-GCM encryption at rest
  • Automatic versioning of all secret changes
  • Configurable automatic rotation for credentials
  • Granular access control via STACKIT IAM
  • Complete audit logging of all access

Typical Use Cases

Database Credentials for Microservices: Instead of storing passwords in environment variables, credentials are retrieved from Secrets Manager at runtime. Automatic rotation ensures regular credential changes.

API Keys for External Services: Payment providers, email services, and cloud APIs require API keys. Secrets Manager stores these encrypted and versioned for quick rollback.

TLS Certificates and Private Keys: Centralized certificate management with expiration notification and automated rotation via Certificate Authorities.

Benefits

  • Complete data sovereignty in German data centers
  • Automatic versioning for quick rollback
  • Integration with Kubernetes, Terraform, and CI/CD pipelines
  • GDPR compliant with complete audit trail

Integration with innFactory

As an official STACKIT partner, innFactory supports you with STACKIT Secrets Manager: architecture, migration, operations, and cost optimization.

Available Tiers & Options

Recommended

Standard

Strengths
  • 10,000 secrets
  • Automatic rotation
  • Versioning
Considerations
  • Standard API rate limits

Typical Use Cases

API key management
Database credential storage
Certificate management
Application configuration
Service account credentials
Multi-environment secrets

Technical Specifications

Access control IAM-based permissions
API REST API, CLI, SDK support
Audit logging Complete access logs
Encryption AES-256-GCM at rest
Integrations Kubernetes, Terraform, CI/CD
Rotation Automatic and manual rotation
Versioning Automatic secret versioning

Frequently Asked Questions

How are secrets encrypted?

Secrets are encrypted at rest using AES-256-GCM. Encryption keys are managed via STACKIT KMS. TLS 1.3 is used during transmission.

Can I rotate secrets automatically?

Yes, for database credentials and API keys you can define rotation intervals that automatically generate new credentials and invalidate old versions.

How do applications access secrets?

Via REST API, SDKs, or Kubernetes integration. Workload Identity enables pods to access secrets directly without hardcoded credentials.

Is STACKIT Secrets Manager GDPR compliant?

Yes, the service operates exclusively in German data centers. STACKIT provides data processing agreements and is ISO 27001 certified.

Quick Links

Documentation Pricing Console

STACKIT Partner

innFactory is an official STACKIT Partner. We provide consulting, implementation, and managed services for the sovereign cloud.

STACKIT Official Partner

Similar Products from Other Clouds

Other cloud providers offer comparable services in this category. As a multi-cloud partner, we help you choose the right solution.

Google Cloud

Access Approval - Google Cloud Access Control

Access Approval for Google Cloud: Manual approval before support accesses your data. Transparency and control for GDPR …

Pricing Included in Enterprise and Enterprise …
SLA Part of support SLA
Compare →
Google Cloud

Access Transparency - Access Logging

Access Transparency logs all Google personnel access to your cloud data. Full transparency and compliance for regulated …

Pricing Included in Premium and higher
SLA Part of support SLA
Compare →
AWS

Amazon Cognito: User Authentication

Amazon Cognito provides user authentication and identity management for web and mobile apps.

Pricing Pay per monthly active user
SLA 99.9% availability
Compare →
AWS

Amazon Detective - Security Analysis

Amazon Detective analyzes security data and assists with investigating security incidents in AWS environments.

Pricing Pay per GB ingested
SLA N/A
Compare →
AWS

Amazon GuardDuty - Threat Detection

Amazon GuardDuty detects threats in AWS accounts through continuous analysis of CloudTrail, VPC Flow Logs, and DNS.

Pricing Pay for events analyzed
SLA N/A
Compare →
AWS

Amazon Inspector - Vulnerability Scanning

Amazon Inspector automatically finds security vulnerabilities in EC2, Lambda and container images. Continuous …

Pricing Pay per instance assessment
SLA N/A
Compare →

46 comparable products found across other clouds.

Ready to start with STACKIT Secrets Manager - Secure Credential Management?

Our certified STACKIT experts help you with architecture, integration, and optimization.

Schedule Consultation