Glossary
Secrets Management
The practice and tooling for securely storing, accessing, rotating, and auditing sensitive credentials such as API keys, database passwords, certificates, and encryption keys used by applications and infrastructure.
What Is Secrets Management?
Secrets management addresses a fundamental security challenge: applications and infrastructure need credentials (database passwords, API keys, TLS certificates, encryption keys) to function, but hardcoding these secrets in source code, config files, or environment variables creates serious risk.
A secrets management solution provides a centralized, encrypted vault for storing secrets, with fine-grained access control and automatic rotation.
Why Secrets Management Matters
Common secrets management failures include:
- Hardcoded credentials in source code pushed to Git repositories
- Shared service accounts with passwords that never rotate
- Secrets sprawl across config files, CI/CD pipelines, and environment variables
- No audit trail of which applications or users accessed which secrets
Any of these can lead to a breach. Leaked cloud credentials, in particular, are one of the most common causes of cloud security incidents.
Key Capabilities
| Capability | Description |
|---|---|
| Centralized vault | Encrypted storage for all secret types |
| Dynamic secrets | Generate short-lived, on-demand credentials |
| Automatic rotation | Rotate passwords and keys on a schedule or trigger |
| Access policies | Fine-grained control over which identities can read which secrets |
| Audit logging | Complete record of secret access and changes |
| PKI / certificates | Issue and manage TLS/SSL certificates |
| CI/CD integration | Inject secrets into build and deployment pipelines |
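The sketch below is an added example, not code from this page or from any product it lists. It models three of the capabilities in the table above (access policies, dynamic secrets, audit logging) as a toy in-memory class; `MiniVault` and its method names are hypothetical and stand in for a real vault's API.

```python
import secrets
import time

class MiniVault:
    """Toy in-memory model (hypothetical, not a real vault): access
    policies, short-lived dynamic secrets, and audit logging."""
    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be exercised
        self._policies = {}      # identity -> set of paths it may read
        self._leases = {}        # lease_id -> (path, credential, expires_at)
        self.audit_log = []      # append-only record of every request

    def allow(self, identity, path):
        self._policies.setdefault(identity, set()).add(path)

    def _audit(self, identity, action, target, outcome):
        # The log records who asked for what, never the secret value itself.
        self.audit_log.append((self._clock(), identity, action, target, outcome))

    def issue(self, identity, path, ttl_seconds):
        """Mint a fresh credential for `path` that expires after ttl_seconds."""
        if path not in self._policies.get(identity, set()):
            self._audit(identity, "issue", path, "denied")
            raise PermissionError(f"{identity} may not read {path}")
        lease_id = secrets.token_hex(8)
        credential = secrets.token_urlsafe(24)   # unique per request
        self._leases[lease_id] = (path, credential, self._clock() + ttl_seconds)
        self._audit(identity, "issue", path, "granted")
        return lease_id, credential

    def is_valid(self, lease_id, credential):
        """The check a protected service would make before accepting a login."""
        lease = self._leases.get(lease_id)
        if lease is None:
            return False
        _, stored, expires_at = lease
        if self._clock() >= expires_at:
            del self._leases[lease_id]           # expired leases are purged
            return False
        return secrets.compare_digest(stored, credential)

    def revoke(self, identity, lease_id):
        """Early revocation, for example after a suspected leak."""
        removed = self._leases.pop(lease_id, None) is not None
        self._audit(identity, "revoke", lease_id, "revoked" if removed else "unknown")
        return removed
```

Because every caller receives its own credential with its own expiry, a leaked value is only useful until its lease ends or is revoked, and the audit log shows which identity it was issued to.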
Secrets Management Approaches
| Approach | Pros | Cons |
|---|---|---|
| Dedicated vault (HashiCorp Vault) | Feature-rich, multi-cloud | Operational complexity |
| Cloud-native (AWS SM, Azure KV, GCP SM) | Low ops, tight cloud integration | Single-cloud lock-in |
| Developer-focused (Doppler, Infisical) | Great DX, easy onboarding | May lack enterprise features |
| Open-source (CyberArk Conjur) | No license cost, customizable | Self-managed infrastructure |
Leading Secrets Management Vendors
Major providers include HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, CyberArk Conjur, Doppler, Infisical, Akeyless, and Delinea Secret Server.
Related Resources
Categories
Enterprise Secrets Management Platforms
Compare the best enterprise secrets management platforms in 2026. CyberArk Conjur, Delinea Secret Server, 1Password Business — compliance, audit, and PAM features compared.
Cloud Secrets Management Services
Compare the best cloud secrets management services in 2026. AWS Secrets Manager, Azure Key Vault, GCP Secret Manager — pricing, features, and integrations compared.
Open Source Secrets Management Tools
Compare the best open source secrets management tools in 2026. HashiCorp Vault, Infisical, CyberArk Conjur and more — features, pricing, and deployment compared.
Products
HashiCorp Vault
Industry-standard open-source secrets management platform
AWS Secrets Manager
Native AWS secrets management service with automatic rotation
Azure Key Vault
Microsoft Azure's managed secrets, keys, and certificate service
Google Cloud Secret Manager
GCP-native secrets storage with versioning and audit
CyberArk Conjur
Enterprise privileged access and secrets management platform
Doppler
Developer-first universal secrets management platform
Infisical
Open-source end-to-end encrypted secrets management for teams
Akeyless
SaaS-based zero-knowledge secrets management platform
Delinea Secret Server
Enterprise password and privileged credential vault