Full Definition
What is Secrets Management?
Secrets management is the practice of securely handling sensitive information - such as passwords, API keys, tokens, certificates, and encryption keys - throughout their entire lifecycle. It ensures secrets are stored securely, accessed only by authorized entities, and rotated regularly.
Types of Secrets
- API keys and tokens
- Database credentials
- SSH keys
- TLS/SSL certificates
- Encryption keys
- Service account credentials
- OAuth client secrets
Key Capabilities
Secure Storage
- Encrypted at rest
- Access controls
- Audit logging
Access Management
- Authentication required
- Fine-grained permissions
- Just-in-time access
Lifecycle Management
- Automated rotation
- Expiration policies
- Revocation capabilities
Integration
- API access
- CI/CD integration
- Container orchestration support
Secrets Management Tools
- HashiCorp Vault
- AWS Secrets Manager
- Azure Key Vault
- Google Secret Manager
- CyberArk
- 1Password (teams)
Best Practices
- Never hardcode secrets
- Use environment variables or secrets managers
- Rotate secrets regularly
- Implement least privilege
- Audit secret access
- Use short-lived credentials
- Separate secrets by environment
Anti-Patterns to Avoid
- Secrets in source code
- Secrets in configuration files
- Sharing secrets via email/chat
- Long-lived credentials
- Overly broad access