DevOps & InfrastructureCI/CD

Secret Management

Overview

Direct Answer

Secret Management is the centralised practice of securely storing, retrieving, and rotating sensitive credentials—including API keys, database passwords, certificates, and authentication tokens—throughout an application's lifecycle. It enforces principle-of-least-privilege access and maintains an audit trail of credential usage.

How It Works

Dedicated secret vaults encrypt credentials at rest and in transit, typically using key derivation and envelope encryption. Applications authenticate to the vault (rather than embedding credentials) and receive short-lived access tokens or decrypted values on-demand. Rotation policies automatically refresh secrets without manual intervention or application downtime.

Why It Matters

Organisations reduce breach surface area and compliance violations by eliminating hardcoded credentials in codebases and configuration files. Regulatory frameworks (PCI-DSS, HIPAA, SOC 2) mandate centralised credential control, while automated rotation minimises exposure windows and incident response costs.

Common Applications

Kubernetes clusters use native secret objects or external vaults to manage database credentials and container registry access. CI/CD pipelines retrieve deployment tokens and cloud provider credentials during build stages. Microservice architectures leverage HashiCorp Vault or cloud-native solutions to authenticate inter-service calls.

Key Considerations

Secret sprawl—accumulation of unused or forgotten credentials—remains a common challenge despite centralised storage. High-availability requirements and latency-sensitive workloads must balance security with performance when retrieving credentials at scale.

Cross-References(1)

Cloud Computing
API

More in DevOps & Infrastructure

Chaos Engineering

Site Reliability

The discipline of experimenting on distributed systems to build confidence in their ability to withstand turbulent conditions.

Site Reliability Engineering

Site Reliability

A discipline applying software engineering principles to infrastructure and operations to create scalable, reliable systems.

Vertical Scaling

CI/CD

Increasing the resources (CPU, RAM, storage) of an existing machine to handle more load.

Prometheus

Observability

An open-source monitoring and alerting toolkit designed for reliability and scalability in cloud-native environments.

Immutable Infrastructure

Infrastructure as Code

An approach where infrastructure components are never modified after deployment but replaced entirely with updated versions.

Puppet

Infrastructure as Code

A configuration management tool that automates the provisioning and management of infrastructure.

Observability

Observability

The ability to understand a system's internal state from its external outputs, encompassing metrics, logs, and traces.

Grafana

Observability

An open-source analytics and visualisation platform for monitoring metrics from multiple data sources.

See Also

API

Application Programming Interface — a set of protocols and tools for building and integrating software applications.

Cloud Computing