Security Intermediate

What is Secret Management?

The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.

Secret management prevents credentials from being hardcoded in source code or configuration files. Secrets are stored in dedicated vaults and accessed via APIs at runtime. This centralizes access control, audit logging, and rotation.

Tools include HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and Doppler. Best practices include automatic rotation, least-privilege access, encryption at rest and in transit, and never committing secrets to Git.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

Data Loss Prevention (DLP)

A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.

SOC (Security Operations Center)

A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.

Supply Chain Attack

A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.

Content Security Policy (CSP)

An HTTP security header that controls which resources a browser is allowed to load for a web page, preventing XSS and data injection.

Two-Factor Authentication (2FA)

A security method requiring two different forms of identification before granting access to an account.

Certificate Pinning

A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.

View All Security Terms →