Secret Manager

Definition

A Secret Manager is a tool or service designed to securely store, manage, and access sensitive information such as API keys, passwords, certificates, and other confidential data. It provides encryption, access control, and auditing capabilities to ensure that secrets are protected from unauthorized access and accidental exposure. Secret Managers are commonly used in cloud environments and integrated into CI/CD pipelines to automate the secure handling of secrets.

Secure Settings Example

# Example using AWS Secrets Manager with IAM policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": "arn:aws:secretsmanager:region:account-id:secret:exampleSecret",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/Environment": "production"
        }
      }
    }
  ]
}

Insecure Settings Example

# Example of hardcoding secrets in a configuration file
database:
  username: admin
  password: supersecretpassword