DevOps Dictionary

Secrets Management

Secrets Management is the practice of securely storing, controlling access to, and delivering sensitive values such as passwords, API keys, tokens, and encryption keys to applications and infrastructure. It addresses the common failure mode of secrets being hardcoded in source code, committed to Git, copied into config files, or exposed in CI logs, where they can be leaked and reused. At a high level, a secrets manager encrypts secrets at rest, uses identity-based policies to authorize retrieval, provides audited access, and supports rotation by automatically replacing credentials on a schedule or after an incident so older values stop working.

With Secrets Management, teams can automate secure secret distribution and rotation, reduce the blast radius of a compromise, and simplify incident response. Without it, secrets tend to sprawl across environments, stay unrotated, and create brittle deployments that are risky to change. The need arises because modern systems are distributed and automated, so secrets must be injected at runtime in a consistent, policy-driven way.
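The properties described above (identity-based authorization, audited access, and rotation that makes older values stop working) can be seen in a small in-memory model. This is an added example, not code from any particular secrets manager: `SecretStore`, the identities `ci-deployer` and `build-cache`, and the secret name `db/password` are all hypothetical, and encryption at rest is left out.

```python
import hmac
import secrets

class SecretStore:
    """Constructed in-memory model; a real manager also encrypts values at rest."""

    def __init__(self, policies):
        self._policies = policies   # identity -> set of secret names it may read
        self._values = {}           # secret name -> (version, value)
        self.audit_log = []         # (identity, secret name, outcome) per attempt

    def rotate(self, name):
        """Replace the secret with a fresh random value and bump its version."""
        version = self._values.get(name, (0, None))[0] + 1
        self._values[name] = (version, secrets.token_urlsafe(32))
        return version

    def read(self, identity, name):
        """Return (version, value) if policy allows; every attempt is audited."""
        allowed = name in self._policies.get(identity, set())
        self.audit_log.append((identity, name, "allow" if allowed else "deny"))
        if not allowed:
            raise PermissionError(f"{identity} may not read {name}")
        return self._values[name]

    def is_current(self, name, presented):
        """The check a protected service makes: only the current value passes."""
        return hmac.compare_digest(self._values[name][1], presented)

def demo():
    store = SecretStore({"ci-deployer": {"db/password"}})  # constructed identities
    store.rotate("db/password")                      # initial provisioning: version 1
    v1, leaked = store.read("ci-deployer", "db/password")
    try:
        store.read("build-cache", "db/password")     # identity with no policy entry
        denied = False
    except PermissionError:
        denied = True
    store.rotate("db/password")                      # rotation after an incident
    v2, fresh = store.read("ci-deployer", "db/password")
    return {
        "denied": denied,
        "versions": (v1, v2),
        "old_value_accepted": store.is_current("db/password", leaked),
        "new_value_accepted": store.is_current("db/password", fresh),
        "audit_outcomes": [outcome for _, _, outcome in store.audit_log],
    }
```

Because the workload fetches the value at runtime instead of carrying a copy, rotation only requires the next `read`; a value copied into a config file or CI log before rotation is rejected afterwards.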
