Enterprise‑Grade Secrets Management—Now Even More Secure with Direct Link.

In today’s hybrid and multi cloud world, secure connectivity is the foundation of every enterprise workload. IBM Cloud Direct Link delivers high throughput, low latency, private network connectivity to the IBM Cloud backbone, supporting bandwidth options from 1 to 10 Gbps within a resilient architecture designed for mission critical traffic.

Today, we are excited to announce the native integration of IBM Cloud Secrets Manager with IBM Cloud Direct Link. This integration enables customers to centrally store and manage secrets, including MD5 authentication keys and MACsec encryption keys, with enterprise grade governance, compliance, and automation. The result is stronger network security and a simpler operational model for both network and security teams. 

Why This Matters: The Rising Complexity of Network Security
As organizations scale their hybrid architectures, the volume of credentials, keys, and certificates grows rapidly. Secrets often become distributed across teams and tools, increasing security risk, operational overhead, and audit challenges.

Direct Link customers, particularly in regulated industries, have consistently requested:

• A centralized, compliant location to store sensitive routing and MACsec secrets
• Automated lifecycle and rotation capabilities
• A secure alternative to manual key handling
• Full auditability and segregation of duties

With native integration into IBM Cloud Secrets Manager, these needs are now addressed securely and at scale.

Why IBM Cloud Secrets Manager?
IBM Cloud Secrets Manager is built on a dedicated, single‑tenant HashiCorp Vault architecture and backed by IBM Cloud enterprise security, compliance, and availability guarantees. It addresses the core needs of modern enterprises through four key advantages:

1. Dedicated Single‑Tenant Architecture

Each instance runs on a single tenant HashiCorp Vault deployment, ensuring complete data isolation with strong encryption and residency controls.

2. Centralized Secret Management

Network and security teams gain a governed source of truth for routing secrets and MACsec keys, simplifying compliance audits (ISO, SOC, PCI DSS, and more)

3. Integrated Credential Support

Purpose‑built support for networking credentials:

• MD5 Authentication Keys: Secure, dynamic retrieval by routers and edge devices.
• MACsec Keys: Centralized vaulting of CAK and CKN values with full lifecycle governance.

4. Built-in Automation

Automated secret rotation reduces exposure windows, prevents human error, and eliminates risks tied to expired credentials.

Enterprise Security, Availability, and Observability
Organizations already rely on IBM Cloud Secrets Manager for mission critical workloads because it delivers:

·       Enterprise Grade Security & Compliance
Validated against leading global compliance frameworks, including ISO 27001, SOC, PCI DSS, GDPR, ISMAP, C5, and ENS High. This ensures customers can meet stringent regulatory requirements with confidence.

·       High Availability
Seamless failover across three regional data centers ensures continuous access to secrets, even during outages, maintenance windows, or regional disruptions.

·       Audit & Access Controls
Detailed audit logs and role‑based access control (RBAC) provide consistent, scalable governance across large and distributed teams.

·       Operational Visibility
Integration with IBM Cloud Monitoring provides insight into API usage, request latency, failures, and secret counts.

Together, these capabilities position IBM Cloud Secrets Manager as one of the most secure, reliable, and operationally mature secrets‑management solutions in the public cloud.

What This Means for IBM Cloud Direct Link Customers
With this integration, Direct Link now supports:

✔ Secure Storage of MD5 Authentication Keys
Routers and edge devices can retrieve authentication keys dynamically—no more manual distribution and plaintext handling.

✔ Centralized MACsec Key Management
MACsec deployments gain centralized, governed storage with full auditability.

✔ Automated Secret Rotation
Built-in rotation policies reduce operational risk and improve security posture.

✔ Simplified Operational Model
Direct Link references secrets through secure APIs using Secrets Manager’s CRN‑based model, eliminating out‑of‑band secret distribution.

✔ Stronger Security Posture
Centralized secret management reduces exposure risk and supports regulatory requirements.

A Streamlined Experience for Network and Security Teams

The Direct Link integration is designed to be effortless:

1. Create or reference secrets in IBM Cloud Secrets Manager.
2. Tag secrets for routing or MACsec use.
3. Bind secrets securely to your Direct Link configuration using IBM Cloud IAM.
4. Monitor and audit usage through built‑in dashboards.
   
   

No custom scripts.
No manual secret handling.
No one‑off tools.
Just secure, governed, enterprise‑ready networking.

1. Getting started with Direct Link 
2. Preparing for Key Exchange with Secrets Manager  , Setting up MD5 Authentication
3. FAQ's