Secret & Secret management

So...what is a secret? A secret refers to authentication credentials that provide users and applications with access to sensitive data, systems and services.

Common types of secrets include:

  • Passwords
  • Application and APIs
  • SSH keys
  • Authorization tokens
  • Private certificates
  • One time passwords
  • Private encryption keys, etc.

What is secrets management? Secrets management is the process of securely and efficiently managing the creation, rotation, revocation and storage of digital authentication and authorization credentials.

Need for secrets management

  • Secrets are used by all kinds of applications for authenticating not only actual physical users but also specific processes and applications.

  • The more authentication processes are required, the more secrets are used.

  • It provides the ability to securely store, transmit and audit secrets.

  • A strong secrets policy helps mitigate the following common challenges:

    • Sharing secrets.
    • Reusing secrets.
    • Weak secret storage, such as storing secrets unencrypted or in plain text.
    • Lack of secret rotation.
    • Lack of secret revocation.
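
As an added example (not part of the original page), the following Python code audits a constructed secrets inventory for the five challenges listed above. The record schema, the 90-day rotation window, the audit key and all names and values are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90                      # assumed rotation window, not a value from the page
AUDIT_KEY = b"constructed-audit-key"   # constructed; a real key would itself be a managed secret

def fingerprint(value: str) -> str:
    """Keyed digest so the inventory can detect reuse without storing raw values."""
    return hmac.new(AUDIT_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def entry(name, value, users, encrypted, rotated, owner_active):
    # Hypothetical inventory record: only the fingerprint of the value is kept.
    return {"name": name, "fp": fingerprint(value), "users": users,
            "encrypted": encrypted, "rotated": rotated, "owner_active": owner_active}

# Constructed sample inventory (hypothetical names and values).
INVENTORY = [
    entry("billing-db-password", "Winter2023!", ["billing-app"], True, date(2024, 5, 20), True),
    entry("reports-db-password", "Winter2023!", ["reports-app"], True, date(2024, 5, 20), True),
    entry("deploy-ssh-key", "ssh-key-material", ["alice", "bob"], True, date(2024, 6, 1), True),
    entry("legacy-api-token", "tok-123", ["batch-job"], False, date(2023, 1, 10), False),
    entry("payments-api-key", "key-456", ["payments-app"], True, date(2024, 6, 10), True),
]

def audit(inventory, today):
    """Return {secret name: sorted list of policy findings}."""
    findings = defaultdict(set)
    names_by_fp = defaultdict(list)
    for s in inventory:
        names_by_fp[s["fp"]].append(s["name"])
        if len(s["users"]) > 1:                     # one credential, several holders
            findings[s["name"]].add("shared")
        if not s["encrypted"]:                      # stored unencrypted / plain text
            findings[s["name"]].add("plaintext-storage")
        if (today - s["rotated"]).days > MAX_AGE_DAYS:
            findings[s["name"]].add("rotation-overdue")
        if not s["owner_active"]:                   # owner gone, secret still present
            findings[s["name"]].add("not-revoked")
    for names in names_by_fp.values():
        if len(names) > 1:                          # same value stored under several names
            for n in names:
                findings[n].add("reused")
    return {name: sorted(tags) for name, tags in findings.items()}

if __name__ == "__main__":
    for name, tags in audit(INVENTORY, date(2024, 7, 1)).items():
        print(f"{name}: {', '.join(tags)}")
```

Secrets with no findings, such as the constructed `payments-api-key`, are omitted from the result.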