
Security Intermediate

What is Secret Management?

The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.

Secret management prevents credentials from being hardcoded in source code or configuration files. Secrets are stored in dedicated vaults and accessed via APIs at runtime. This centralizes access control, audit logging, and rotation.

Tools include HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and Doppler. Best practices include automatic rotation, least-privilege access, encryption at rest and in transit, and never committing secrets to Git.

Related Terms

Brute Force Attack
An attack method that systematically tries all possible combinations of passwords or keys until the correct one is found.
Certificate Pinning
A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.