Security Intermediate

What is Secret Management?

The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.

Secret management prevents credentials from being hardcoded in source code or configuration files. Secrets are stored in dedicated vaults and accessed via APIs at runtime. This centralizes access control, audit logging, and rotation.

Tools include HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and Doppler. Best practices include automatic rotation, least-privilege access, encryption at rest and in transit, and never committing secrets to Git.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.

Webhook Signature Verification

A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.

Supply Chain Attack

A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.

Security Hardening

The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.

A technique that controls the number of requests a client can make to a server within a specified time period.

An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.

View All Security Terms →