Set up Slack alerts for your expiring secrets and certificates

Pradeep Gopalgowda
May 31, 2022

In this tutorial, you will learn how to set up Slack alerts for event notifications that originate in your IBM Cloud® Secrets Manager service instance. An incoming Secrets Manager event is used to post a notification to a Slack channel.

IBM Cloud Event Notifications supports native Slack integration. You no longer need to go through webhooks!

What is IBM Cloud Event Notifications?

IBM Cloud® Event Notifications is an event notification routing service that notifies you of critical events that occur in your IBM Cloud account or triggers automated actions by using webhooks. You can filter and route event notifications from IBM Cloud services, like Availability Monitoring, to email, SMS, push notifications and webhooks.

How are events sent by Secrets Manager?

When an event of interest takes place in your Secrets Manager instance, Secrets Manager communicates with a connected Event Notifications instance to forward a notification to a supported destination.

Posting a notification to Slack

Before you begin

Before you get started, you need the following prerequisites:

  • A Slack app with an incoming webhook URL enabled.
  • A Slack channel to post your incoming notifications.
  • The Slack app must be added to your channel so that incoming messages are displayed. For more information, see the Slack documentation.
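A preflight check for the first prerequisite, added here as an example and not part of the original tutorial: it validates the incoming webhook URL, builds the test POST, and redacts the token for logging, since anyone holding the URL can post to the channel. It assumes the standard `https://hooks.slack.com/services/<id>/<id>/<token>` format; the function names are illustrative.

```python
import json
import sys
import urllib.request
from urllib.parse import urlsplit

SLACK_WEBHOOK_HOST = "hooks.slack.com"


def check_webhook_url(url):
    """Return a list of problems with a Slack incoming webhook URL (empty = OK)."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # Comparing the whole netloc also rejects userinfo and explicit ports.
    if parts.netloc.lower() != SLACK_WEBHOOK_HOST:
        problems.append("host must be " + SLACK_WEBHOOK_HOST)
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 4 or segments[0] != "services":
        problems.append("path must look like /services/<id>/<id>/<token>")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    return problems


def redact(url):
    """Hide the final token segment so the URL can be logged safely."""
    head, _, _token = url.strip().rpartition("/")
    return head + "/<redacted>"


def build_test_request(url, text="Webhook preflight before adding it as a destination"):
    """Build (without sending) the JSON POST that Slack incoming webhooks accept."""
    problems = check_webhook_url(url)
    if problems:
        raise ValueError("; ".join(problems))
    body = json.dumps({"text": text}).encode("utf-8")
    return urllib.request.Request(
        url.strip(), data=body, method="POST",
        headers={"Content-Type": "application/json"})


if __name__ == "__main__":
    # Usage: python preflight.py "$SLACK_WEBHOOK_URL"
    req = build_test_request(sys.argv[1])
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(redact(sys.argv[1]), "->", resp.status, resp.read().decode())
```

Pass the URL from an environment variable or secret store rather than typing it inline, so it does not end up in shell history.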

Step 1: Create an IBM Cloud Event Notifications service instance

  1. Log in to your IBM Cloud account.
  2. In the IBM Cloud catalog, search Event Notifications > Event Notifications.
  3. Select a Region from the list of supported regions and select a pricing plan.
  4. Provide a Service name.
  5. Select a resource group.
  6. Click Create.
IBM Cloud Event Notifications

Step 2: Create an IBM Cloud Secrets Manager service instance

  1. In the IBM Cloud catalog, search Secrets Manager > Secrets Manager.
  2. Select a Region from the list of supported regions and select a pricing plan.
  3. Provide a Service name.
  4. Select a resource group.
  5. Click Create.
Secrets Manager

Step 3: Connecting to IBM Cloud Event Notifications in the Secrets Manager UI

  1. From the Secrets Manager instance, click Settings.
  2. In the Event Notifications section, click Connect.
  3. In the side panel, review the source details for the connection. Optionally, provide a description.
  4. Select the resource group and Event Notifications service instance that you want to connect.
  5. If an IAM authorization between Secrets Manager and Event Notifications doesn’t exist in your account, a dialog is displayed. Follow the prompts to grant access between the services.
  • To grant access between Secrets Manager and Event Notifications, click Authorize.
  • In the side panel, select Event Notifications as the target service.
  • From the list of instances, select the Event Notifications service instance that you want to authorize.
  • Select the Event Source Manager role.
  • Click Review.
  • Click Assign.
  6. To confirm the connection, click Connect.

A success message is displayed to indicate that Secrets Manager is now connected to Event Notifications.

Connecting to IBM Cloud Event Notifications

Step 4: Verify the Secrets Manager source in IBM Cloud Event Notifications

1. Click the menu icon > Resource list.

2. Open Services and software.

3. Open the IBM Cloud Event Notifications instance you created.

4. Click Sources.

When you connect to Event Notifications in the Secrets Manager UI, a source, with the same name as your Secrets Manager instance name, is automatically added to your IBM Cloud Event Notifications Sources list.

Secrets Manager as a source

Step 5: Create an IBM Cloud Event Notifications Destination

  1. In the Event Notifications UI, go to Destinations.
  2. Create a destination:
  • From the navigation, click Destinations > Add.
  • Provide a name for your destination. For example, Slack.
  • Select Webhook as the destination type.
  • Paste the incoming webhook URL that you copied from your Slack app.
  • Click Add.

Step 6: Create an IBM Cloud Event Notifications topic

Next, you will define an IBM Cloud Event Notifications topic that will receive events from Secrets Manager.

1. Click Topics.

2. Click Create. The Topic details panel opens.

3. In the Topic details enter the following:

  • Enter the Name for your topic. For example, MonitorSecretExpiry.
  • For Source select the IBM Cloud Event Notifications source, which is named the same as your Secrets Manager instance.
  • Select an Event Type. For this tutorial select Secret about to expire.
  • Select an Event subtype. For this tutorial select Secret expire in 10 days.
  • Select a Severity. For this tutorial select High Severity.

4. Click Add a condition. (If you do not click Add a condition before you click Create, the topic will be created with no conditions associated with it.)

5. Click Create. Your topic will be displayed in the Topics list.

Note: To send the test event from the Secrets Manager UI, click Add a condition without selecting any Event Type.

Create a topic

Step 7: Create an IBM Cloud Event Notifications Slack Subscription

In this step, you will configure who receives a Slack alert when a notification is processed.

  1. Click Subscriptions.
  2. Click Create. The Create a subscription panel opens.
  3. In the Create a subscription panel enter the following:
  • Enter the Name for your subscription. For example, SecretExpirySubscription.
  • For Topic select the topic you created. For example, MonitorSecretExpiry.
  • For Destination select Slack.
Create a Subscription

Step 8: Send a test event from the Secrets Manager UI

In this step, you will send a test event from the Secrets Manager UI.

1. Click the menu icon > Resource list.

2. Open Services and software.

3. Open the Secrets Manager instance you created.

4. Click Settings.

5. Click Send test event.

You should start receiving the Slack alert that you configured whenever the criteria defined in both Secrets Manager and IBM Cloud Event Notifications match.

Slack Alert

Cheers! Let me know your feedback in the comment section.
