Thalassa Cloud Thalassa Cloud
Console Sign up for free

Secrets Manager Early Access

A path-based secret store, encrypted with your KMS keys. Store passwords, API keys, certificates, and configuration secrets with versioning, IAM, and optional IP and time-based access policies.

Open the console Documentation

Available in Early Access — general availability later in 2026

Secrets organised by path, encrypted with KMS

Thalassa Secrets Manager lets teams store sensitive data in a hierarchical path structure — without managing your own vault infrastructure. Every secret is encrypted with a KMS key you choose at creation, versioned automatically, and protected by IAM plus optional access policies.

Trusted by teams with strict security requirements

Organisations across the cloud-native industry rely on Thalassa Cloud for sovereign infrastructure — and are among the first to adopt Secrets Manager in Early Access.

ContainerInfra
ContainerInfra

A leader in cloud-native solutions, ContainerInfra builds scalable Kubernetes infrastructure on Thalassa Cloud. Path-based secrets and KMS integration fit how they automate deployments for customers across Europe.

Balean
Balean

"Thalassa Cloud's focus on sovereignty, sustainability, and innovation aligns with our purpose-driven mission to build a more responsible digital and environmental future."

— Balean, Platform Team

Browse secrets by path

Navigate secrets in a file-browser style view — filter by prefix, see versions and KMS key bindings at a glance, and create new secrets from any folder.

Thalassa Cloud console — Secrets Manager browsing secrets by path with version and KMS key columns

Provision with Terraform

Create a KMS key, bind a secret to a path, and generate a random password — all declaratively with the Thalassa Terraform provider. See the Terraform documentation for provider setup.

Terraform example — thalassa_kms_key, thalassa_secret, and thalassa_secret_version resources

Benefit from Infrastructure as Code for your Secret Management

  • Repeatable — same paths and keys across environments, reviewed in PRs.
  • No secrets in git — use generate_secret for platform-generated values.
  • Explicit KMS chain — encryption dependencies visible in your Terraform graph.
  • CI/CD ready — plan and apply with your existing pipelines.

Path-based organisation

Identify secrets by paths like /app/production/database/password. Browse in the console or list by prefix for automation.

  • Path-scoped RBAC for least-privilege per application or team
  • Project-scoped secret namespaces
  • CI/CD paths such as /ci/prod/*
  • Environment separation: staging vs production

Built on Thalassa KMS

No third-party secret backend to operate — every secret uses envelope encryption with a KMS key you control.

  • KMS key binding is immutable after create
  • Requires an active KMS key in the target region
  • Integrated billing for stored versions and get-value API calls

Flexible formats & versioning

Add new secret values without losing history. Destroy individual versions when credentials rotate out.

  • Plain string, key-value maps, or platform-generated random secrets
  • Monotonic version numbers
  • Last-accessed timestamps on secrets and versions
  • Database credentials, API keys, TLS certificates, and more

Policies & audit

Optional restrictions beyond IAM, with dedicated audit events for sensitive operations.

  • IP/CIDR and time-window restrictions on read and write
  • Audit logging for create, read value, put value, policy changes, deletions
  • Separate from generic API audit logs
  • European datacenter hosting with GDPR compliance

Documentation

Explore the Secrets Manager documentation for paths and naming, KMS integration, versioning, access policies, audit logging, and API reference.

Read the getting started guide →

European Public Cloud

DevOps-First Cloud

Deploy and manage your cloud-native applications with our European based public cloud. Access powerful APIs, Kubernetes orchestration, and DevOps tools designed for modern infrastructure.

GDPR Compliant

EU Data Sovereignty

API First

Terraform & REST API

Kubernetes

Self-Service Kubernetes as a Service

High Performance

NVMe Storage, CPU and network

Launch Your Cloud Journey

Code. Ship. Scale. • Pay-as-you-go pricing