Secret Management
Security is usually a cumbersome topic for developers, but if it is not taken care of, it can result in severe consequences. Secret management is one of the building blocks for achieving a completely secure system in DevOps. It usually refers to techniques and tools for handling sensitive information (secrets) in a digital system. Any sensitive information could be treated as a secret. For example, these are some of the most commonly used secrets in DevOps:
- API keys
- Database passwords
- TLS certificates
Secret management implies managing the life cycle of secrets, which includes creating, storing, consuming, and even disposing of them safely. Secrets can be managed using a secret management software, such as Hashicorp's Vault (https://www.vaultproject.io/) or Square's Keywhiz (https://square.github.io/keywhiz/). Although they can be helpful with some secret management practices, they can also bring unnecessary complexity to your...