diff --git a/common-dev-assets b/common-dev-assets
index 0a5cc323..c7639a6e 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 0a5cc323e143b92b70f28302d59b2e6c1cd5e70e
+Subproject commit c7639a6ede17005c03e313889234d431546440cb
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index c9f3f204..e1ef0261 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,3 +1,8 @@
+locals {
+ sm_guid = var.existing_sm_instance_guid == null ? ibm_resource_instance.secrets_manager[0].guid : var.existing_sm_instance_guid
+ sm_region = var.existing_sm_instance_region == null ? var.region : var.existing_sm_instance_region
+}
+
 ##############################################################################
 # Resource Group
 ##############################################################################
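Review bot: In the new `locals` block, `sm_region` falls back to `var.region` whenever `existing_sm_instance_region` is null, so a caller who sets `existing_sm_instance_guid` but omits the region silently has every secret targeted at the example's own region rather than the region the existing instance actually lives in; the GUID and the region of an existing instance are only paired in prose in examples/complete/variables.tf. Gating the fallback on the GUID instead, `sm_region = var.existing_sm_instance_guid == null ? var.region : var.existing_sm_instance_region`, makes the missing input surface as a null `region` on the module calls rather than as a wrong region. A `validation` block or a `precondition` on the first module that consumes `local.sm_region` would presumably give a clearer error message than the null; which of the two is available depends on the Terraform version the example pins, which is not visible here.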
@@ -142,3 +147,58 @@ resource "time_sleep" "wait_30_seconds" {
 depends_on = [ibm_is_security_group.sg1]
 destroy_duration = "30s"
 }
+
+##############################################################################
+## Secrets Manager layer
+##############################################################################
+
+# Create Secrets Manager Instance (if not using existing one)
+resource "ibm_resource_instance" "secrets_manager" {
+ count = var.existing_sm_instance_guid == null ? 1 : 0
+ name = "${var.prefix}-sm" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value
+ service = "secrets-manager"
+ service_endpoints = "public-and-private"
+ plan = "trial"
+ location = var.region
+ resource_group_id = module.resource_group.resource_group_id
+
+ timeouts {
+ create = "30m" # Extending provisioning time to 30 minutes
+ }
+}
+
+# Add a Secrets Group to the secret manager instance
+module "secrets_manager_secrets_group" {
+ source = "git::https://github.ibm.com/GoldenEye/secrets-manager-secret-group-module.git?ref=2.0.1"
+ region = local.sm_region
+ secrets_manager_guid = local.sm_guid
+ #tfsec:ignore:general-secrets-no-plaintext-exposure
+ secret_group_name = "${var.prefix}-es-secrets"
+ secret_group_description = "service secret-group" #tfsec:ignore:general-secrets-no-plaintext-exposure
+}
+
+# Add service credentials to secret manager as a username/password secret type in the created secret group
+module "secrets_manager_service_credentials_user_pass" {
+ source = "git::https://github.ibm.com/GoldenEye/secrets-manager-secret-module?ref=3.1.1"
+ for_each = var.service_credential_names
+ region = local.sm_region
+ secrets_manager_guid = local.sm_guid
+ secret_group_id = module.secrets_manager_secrets_group.secret_group_id
+ secret_name = "${var.prefix}-${each.key}-credentials"
+ secret_description = "postgresql_db Service Credentials for ${each.key}"
+ secret_username = module.postgresql_db.service_credentials_object.credentials[each.key].username
+ secret_payload_password = module.postgresql_db.service_credentials_object.credentials[each.key].password
+ secret_type = "username_password" #checkov:skip=CKV_SECRET_6
+}
+
+# Add secrets manager certificate to secret manager as a certificate secret type in the created secret group
+module "secrets_manager_service_credentials_cert" {
+ source = "git::https://github.ibm.com/GoldenEye/secrets-manager-secret-module?ref=3.1.1"
+ region = local.sm_region
+ secrets_manager_guid = local.sm_guid
+ secret_group_id = module.secrets_manager_secrets_group.secret_group_id
+ secret_name = "${var.prefix}-es-cert"
+ secret_description = "postgresql_db Service Credential Certificate"
+ imported_cert_certificate = base64decode(module.postgresql_db.service_credentials_object.certificate)
+ secret_type = "imported_cert" #checkov: skip=CKV_SECRET_6
+}
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index fb342eef..f5dbad4a 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -69,3 +69,15 @@ variable "service_credential_names" {
 "postgressql_editor" : "Editor",
 }
 }
+
+variable "existing_sm_instance_guid" {
+ type = string
+ description = "Existing Secrets Manager GUID. If not provided an new instance will be provisioned"
+ default = null
+}
+
+variable "existing_sm_instance_region" {
+ type = string
+ description = "Required if value is passed into var.existing_sm_instance_guid"
+ default = null
+}
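Review bot: The suppression on the `secret_type` line of module `secrets_manager_service_credentials_cert` is written `#checkov: skip=CKV_SECRET_6` with a space after the colon, while the `name` line of the `ibm_resource_instance` and the `secret_type` line of `secrets_manager_service_credentials_user_pass` use `#checkov:skip=CKV_SECRET_6`; Checkov recognises the `checkov:skip=` form, so the odd one out will presumably not be honoured and that line will keep being reported. Change it to `secret_type = "imported_cert" #checkov:skip=CKV_SECRET_6: static secret type, not a credential` and give the other `secret_type` skip the same reason suffix, as the `name` line already does, so each waiver explains itself. Separately, `plan = "trial"` on the new Secrets Manager instance deserves a one-line comment such as `# trial plan is for this example only; pick a paid plan for real deployments`, since the example is the template people copy.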
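Review bot: The description of `existing_sm_instance_guid` in the variables.tf hunk reads "If not provided an new instance will be provisioned" — "a new instance" — and the description of `existing_sm_instance_region` says it is required alongside the GUID without saying what it is, so a caller cannot tell from the variable itself whether it is the region of the existing instance or of the example. Suggest `description = "Region of the existing Secrets Manager instance. Required when var.existing_sm_instance_guid is set, ignored otherwise."` for the second variable. The fact that this pairing is not enforced is raised on the `locals` hunk of main.tf rather than here.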