Monday 06 July 2026 02:28:19 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Secret manager

A system designed to store and control access to sensitive credentials outside application code.

A secret manager is a system for storing and delivering sensitive credentials such as API keys, passwords, certificates, and tokens outside of application code. Instead of hard-coding secrets in source files, developers save them in a protected vault and request them at runtime through controlled access policies. Good secret managers also support auditing, encryption, and secret rotation.

This matters because code repositories, build logs, and developer workstations are common places for attackers and malicious plugins to look for reusable credentials. If a secret is copied from code or config files, it can often be replayed as a bearer credential until it is revoked. By keeping secrets centralized and tightly permissioned, a secret manager reduces exposure, limits blast radius, and makes it easier to rotate compromised credentials quickly.

← WIKICROOK index