heygrc
Glossary

Secrets management

Secrets management is how an application handles credentials, API keys, and private keys: where they are stored, how they are accessed at runtime, and how they are rotated. The goal is that a secret never appears in source code, committed configuration, logs, or error output, or in any other place from which it can leak.

In code

The cardinal violation is a key hardcoded in source or committed to the repository instead of being read at runtime from a managed secret store. Once committed, the key is in the repository history and in every clone, fork, and CI cache, so deleting the line in a later commit does not remove it. A committed secret must be treated as exposed: rotate it first, then purge it from history.
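The example below, added here and not part of the heygrc glossary, shows both sides of the rule: a small pre-commit style scanner that flags string literals assigned to credential-looking names (and the AWS access key ID prefix), and a loader that reads a secret only from a mounted secret file or the environment, with no hardcoded fallback. The regexes, the entropy threshold, the `/run/secrets` path and the sample source lines are assumptions made for the illustration; the `AKIAIOSFODNN7EXAMPLE` value is the placeholder key ID AWS uses in its own documentation.

```python
"""Hardcoded-secret scanner and managed-store loader (illustrative, not a
production ruleset). All patterns, thresholds and sample lines are assumptions."""
import math
import os
import re
from typing import Dict, List, Optional, Tuple

# Assignment of a string literal (8+ chars) to a credential-looking identifier.
# Assumption: names containing api_key/apikey, secret, token, password/passwd.
# Accepts `name = "..."` and JSON/YAML style `"name": "..."`.
ASSIGN_RE = re.compile(
    r"""\b(?P<name>[A-Za-z0-9_]*(?:api_?key|secret|token|passw(?:or)?d)[A-Za-z0-9_]*)"""
    r"""["']?\s*[=:]\s*["'](?P<value>[^"']{8,})["']""",
    re.IGNORECASE,
)
# AWS access key IDs start with AKIA followed by 16 upper-case alphanumerics.
PREFIX_RE = re.compile(r"AKIA[0-9A-Z]{16}")

# Values that are obviously not live credentials (assumed list).
PLACEHOLDERS = {"changeme", "example", "your_api_key_here", "xxxxxxxx", "todo"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random keys score high, words and placeholders low."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep a short prefix for triage; the scanner's own output must not leak the secret."""
    return value[:4] + "*" * (len(value) - 4)


def find_hardcoded_secrets(lines: List[str], min_entropy: float = 3.5) -> List[Tuple[int, str, str]]:
    """Return (line number, identifier or rule name, redacted value) for each suspect literal."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        prefix_hit = PREFIX_RE.search(line)
        if prefix_hit:
            findings.append((lineno, "aws-access-key-id", redact(prefix_hit.group(0))))
            continue
        m = ASSIGN_RE.search(line)
        if not m:
            continue
        value = m.group("value")
        # Skip placeholders and template references such as "${DB_PASSWORD}".
        if value.lower() in PLACEHOLDERS or value.startswith("${"):
            continue
        if shannon_entropy(value) >= min_entropy:
            findings.append((lineno, m.group("name"), redact(value)))
    return findings


def load_secret(name: str, env: Optional[Dict[str, str]] = None, secrets_dir: str = "/run/secrets") -> str:
    """Read a secret that the secret store or orchestrator injected at runtime.

    Order: a file mounted by the orchestrator (assumed path /run/secrets/<name>),
    then an environment variable. There is deliberately no default value:
    a missing secret is a deployment error, not something to paper over in code.
    """
    env = os.environ if env is None else env
    path = os.path.join(secrets_dir, name)
    if os.path.isfile(path):
        with open(path, encoding="utf-8") as fh:
            return fh.read().strip()
    if name in env:
        return env[name]
    raise RuntimeError(f"secret {name!r} was not provided by the secret store")


# Constructed sample source lines; the hex string is random-looking filler, not a real key.
SAMPLE_SOURCE = [
    'import requests',
    'API_KEY = "9f2c7a1e4b8d6c0a3e5f7b9d1c2e4a6b"',  # hardcoded: flagged
    'password = "changeme"',                         # placeholder: skipped
    'token = os.environ["SERVICE_TOKEN"]',           # read at runtime: fine
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',              # AWS docs placeholder ID: flagged by prefix
    'db_password = "${DB_PASSWORD}"',                # template reference: skipped
]


if __name__ == "__main__":
    for lineno, what, shown in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {what} = {shown}")
    print(load_secret("SERVICE_TOKEN", env={"SERVICE_TOKEN": "injected-at-deploy"}))
```

A real deployment wires the scanner into a pre-commit hook or CI job so the literal is rejected before it reaches history; once it has been pushed, the only correct response is the one in the text, rotate and then purge.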