Security

Secrets Management

The practice of securely storing, accessing, and managing sensitive credentials like API keys, passwords, certificates, and encryption keys throughout their lifecycle.

Also known as:Secret ManagementCredential Management

What is Secrets Management?

Secrets management is the practice of securely handling sensitive information - such as passwords, API keys, tokens, certificates, and encryption keys - throughout their entire lifecycle. It ensures secrets are stored securely, accessed only by authorized entities, and rotated regularly.

Types of Secrets

  • API keys and tokens
  • Database credentials
  • SSH keys
  • TLS/SSL certificates
  • Encryption keys
  • Service account credentials
  • OAuth client secrets

Key Capabilities

Secure Storage

  • Encrypted at rest
  • Access controls
  • Audit logging

Access Management

  • Authentication required
  • Fine-grained permissions
  • Just-in-time access

Lifecycle Management

  • Automated rotation
  • Expiration policies
  • Revocation capabilities

Integration

  • API access
  • CI/CD integration
  • Container orchestration support

Secrets Management Tools

  • HashiCorp Vault
  • AWS Secrets Manager
  • Azure Key Vault
  • Google Secret Manager
  • CyberArk
  • 1Password (teams)

Best Practices

  • Never hardcode secrets
  • Use environment variables or secrets managers
  • Rotate secrets regularly
  • Implement least privilege
  • Audit secret access
  • Use short-lived credentials
  • Separate secrets by environment

Anti-Patterns to Avoid

  • Secrets in source code
  • Secrets in configuration files
  • Sharing secrets via email/chat
  • Long-lived credentials
  • Overly broad access
Previous

SAML

Next

Secure SDLC