Security Intermediate

What is Secret Management?

The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.

Secret management prevents credentials from being hardcoded in source code or configuration files. Secrets are stored in dedicated vaults and accessed via APIs at runtime. This centralizes access control, audit logging, and rotation.

Tools include HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager, and Doppler. Best practices include automatic rotation, least-privilege access, encryption at rest and in transit, and never committing secrets to Git.

Related Terms

Security Hardening

The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.

A security model that requires strict identity verification for every user and device, regardless of their network location.

A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.

Data Loss Prevention (DLP)

A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.

CORS (Cross-Origin Resource Sharing)

A browser security mechanism that controls which web domains can access resources from another domain via HTTP requests.

A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.

View All Security Terms →