A cybersecurity best practice for digital businesses, secrets management allows organizations to consistently enforce security policies for non-human identities. Secrets management provides assurance that resources across tool stacks, platforms and cloud environments can only be accessed by authenticated and authorized entities.
The following steps are typically included in a secrets management initiative. Many of these approaches and techniques are also used to protect privileged access by human users.
- Authenticate all access requests that use non-human credentials.
- Enforce the principle of least privilege.
- Enforce role-based access control (RBAC) and regularly rotate secrets and credentials.
- Automate management of secrets and apply consistent access policies.
- Track all access and maintain a comprehensive audit.
- Remove secrets from code, configuration files and other unprotected areas.