๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is Secret Management?

The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.

Secret management prevents credentials from being hardcoded in source code or configuration files. Secrets are stored in dedicated vaults and accessed via APIs at runtime. This centralizes access control, audit logging, and rotation.

Tools include HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and Doppler. Best practices include automatic rotation, least-privilege access, encryption at rest and in transit, and never committing secrets to Git.

Related Terms

OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
Hashing
A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
View All Security Terms โ†’