[Yandex Cloud documentation](../../index.md) > [Yandex Lockbox](../index.md) > [Concepts](index.md) > Integration with the Yandex Cloud services

# Integration with the Yandex Cloud services


You can use Yandex Lockbox [secrets](secret.md) in the following Yandex Cloud services:
* [Yandex Cloud Functions](#functions).
* [Yandex Connection Manager](#conn-manager).
* [Yandex Managed Service for Kubernetes](#managed-kubernetes).
* [Yandex Serverless Containers](#containers).

## Yandex Cloud Functions {#functions}

If a Cloud Functions [function](../../functions/concepts/function.md) requires sensitive data, e.g., database passwords or [static access keys](../../iam/concepts/authorization/access-key.md), use Yandex Lockbox secrets to provide such data to the function. This will prevent unauthorized third-party access to sensitive data.

For a Cloud Functions function to access the data stored in a Yandex Lockbox secret, assign the `lockbox.payloadViewer` [role](../security/index.md#lockbox-payloadViewer) for the relevant secret to the [service account](../../iam/concepts/users/service-accounts.md) you will use to invoke the function.

## Yandex Connection Manager {#conn-manager}

Connection Manager [connections](../../metadata-hub/concepts/connection-manager.md) and Yandex Lockbox secrets are created automatically when you create a new managed database cluster in Yandex Cloud, if support for Connection Manager is configured at cloud level.

You cannot edit or delete any secret created automatically together with a new cluster: they are updated automatically when editing user settings in a managed database cluster. The names of such secrets match the IDs of the respective connections.

## Yandex Managed Service for Kubernetes {#managed-kubernetes}

By default, Kubernetes stores secrets in an open format. If your [Yandex Managed Service for Kubernetes cluster](../../managed-kubernetes/concepts/index.md#kubernetes-cluster) uses [secrets](../../managed-kubernetes/concepts/encryption.md), set up syncing cluster secrets with Yandex Lockbox secrets using [External Secrets Operator](https://external-secrets.io/latest/provider/yandex-lockbox/). This will prevent unauthorized third-party access to sensitive data.

For External Secrets Operator to access the data stored in a Yandex Lockbox secret, assign the `lockbox.payloadViewer` [role](../security/index.md#lockbox-payloadViewer) for the relevant secret to the [service account](../../iam/concepts/users/service-accounts.md) created while installing External Secrets Operator.

## Yandex Serverless Containers {#containers}

To prevent unauthorized access to [API keys](../../iam/concepts/authorization/api-key.md), tokens, database passwords, and other sensitive data used by Serverless Containers [containers](../../serverless-containers/concepts/container.md), store such data in Yandex Lockbox secrets.

For a Serverless Containers container to access the data stored in a Yandex Lockbox secret, assign the `lockbox.payloadViewer` [role](../security/index.md#lockbox-payloadViewer) for the relevant secret to the [service account](../../iam/concepts/users/service-accounts.md) you will use to run the container.


#### Useful links {#see-also}

* [Providing Yandex Lockbox secrets to a function](../../functions/operations/function/lockbox-secret-transmit.md)
* [Creating a Connection Manager connection](../../metadata-hub/operations/create-connection.md)
* [Syncing with Yandex Lockbox secrets in Managed Service for Kubernetes](../../managed-kubernetes/tutorials/kubernetes-lockbox-secrets.md)
* [Providing Yandex Lockbox secrets to a container](../../serverless-containers/operations/lockbox-secret-transmit.md)
* [Secure storage of GitLab CI passwords as Yandex Lockbox secrets](../../managed-gitlab/tutorials/gitlab-lockbox-integration.md)

## Use cases {#examples}

* [Syncing with Yandex Managed Service for Kubernetes secrets](../tutorials/kubernetes-lockbox-secrets.md)
* [Building a CI/CD pipeline using serverless products](../tutorials/ci-cd-serverless.md)
* [Using a Yandex Lockbox secret to store a static access key via the CLI](../tutorials/static-key-in-lockbox/console.md)
* [Creating an interactive serverless application using WebSocket](../tutorials/websocket-app.md)
* [Automatically copying objects from one Yandex Object Storage bucket to another](../tutorials/bucket-to-bucket-copying.md)
* [Deploying a fault-tolerant architecture with preemptible VMs](../tutorials/nodejs-cron-restart-vm.md)
* [Secure password transmission to an initialization script](../tutorials/secure-password-script/index.md)
* [Loading data from Yandex Direct to a Yandex Managed Service for ClickHouse® data mart using Yandex Cloud Functions, Yandex Object Storage, and Yandex Data Transfer](../tutorials/data-transfer-direct-to-mch.md)