Secrets Management
How to manage secrets safely with rotation, access controls, and evidence.
Published:
Admin User
Secrets management protects credentials and reduces blast radius if something leaks.
Key controls are access boundaries, rotation, and evidence of compliance.
See also
Security Baseline, Least Privilege, Incident Readiness
FAQ
What counts as a secret?
Credentials, API keys, tokens, certificates, and any value granting access.
What’s the minimum standard?
Centralized storage, access control, rotation, and incident response readiness.
How often should secrets rotate?
Based on risk and capability—rotate high-risk secrets more frequently and after incidents.
What’s a common failure mode?
Secrets in source control, logs, or long-lived credentials with broad access.
What’s the first improvement?
Remove secrets from code, centralize storage, and enforce least privilege access.
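The rotation and failure-mode answers above can be checked mechanically against an inventory exported from a central store. The following is an added example, not part of the original page: the inventory, the per-tier age limits, and the access threshold are constructed assumptions, since the page gives no numbers.

```python
from datetime import date

# Assumed rotation limits in days per risk tier; the page gives no numbers.
MAX_AGE_DAYS = {"high": 30, "medium": 90, "low": 180}
# Assumed threshold above which a secret counts as broadly accessible.
MAX_PRINCIPALS = 3

# Constructed inventory, shaped like an export from a central secrets store.
INVENTORY = [
    {"name": "payments-api-key", "risk": "high",
     "last_rotated": date(2024, 1, 10), "principals": ["svc-payments"]},
    {"name": "ci-deploy-token", "risk": "high",
     "last_rotated": date(2024, 5, 20),
     "principals": ["ci", "dev-team", "ops-team", "contractors", "qa"]},
    {"name": "metrics-read-token", "risk": "low",
     "last_rotated": date(2024, 3, 1), "principals": ["svc-dashboard"]},
]


def audit(inventory, today, incident_on=None):
    """Return one evidence record per secret, listing every finding."""
    records = []
    for secret in inventory:
        age = (today - secret["last_rotated"]).days
        findings = []
        # Risk-based rotation: higher-risk tiers get shorter limits.
        if age > MAX_AGE_DAYS[secret["risk"]]:
            findings.append("overdue-rotation")
        # Rotation after incidents: flag anything not rotated since then.
        if incident_on and secret["last_rotated"] <= incident_on:
            findings.append("not-rotated-since-incident")
        # Least privilege: too many principals widens the blast radius.
        if len(secret["principals"]) > MAX_PRINCIPALS:
            findings.append("broad-access")
        records.append({"name": secret["name"], "age_days": age,
                        "checked": today.isoformat(), "findings": findings})
    return records


if __name__ == "__main__":
    for record in audit(INVENTORY, date(2024, 6, 1),
                        incident_on=date(2024, 5, 25)):
        print(record)
```

Each dated record doubles as evidence that the check ran, whether or not it produced findings.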