Fundamentals · Beginner
What Is Secrets Management?
By SWI Community Team · Updated 2026-06-13 · 6 min
Secrets management is how you store, distribute, rotate, and audit the credentials that applications and infrastructure use: API keys, database passwords, tokens, and certificates. These are non-human identity credentials, and leaked ones are a leading cause of cloud breaches.
The problem
Secrets end up hardcoded in source, baked into images, and pasted into config. Once leaked, many stay valid for a long time. Industry research finds millions of secrets exposed in public code each year, and a large share remain active.
What good looks like
- Central vault instead of secrets scattered across repos and pipelines.
- Dynamic, short-lived secrets issued on demand rather than long-lived static keys.
- Automated rotation so exposure windows stay small.
- Detection of secrets that leak into code and logs.
- Audit of who and what accessed each secret.
Related disciplines
Secrets management overlaps with PAM for privileged credentials, PKI for certificates, and broader non-human identity governance.
Where to start
Browse secrets management vendors and the machine identity vendors, and read the API key rotation guide.
Frequently asked questions
- What is secrets management?
- Secrets management is the practice of securely storing, distributing, rotating, and auditing sensitive credentials such as API keys, database passwords, tokens, and certificates.
- Why not store secrets in code or environment files?
- Hardcoded or plaintext secrets are easily leaked through source control, logs, or breaches. A secrets manager centralizes and controls access to them.
- What is a dynamic secret?
- A dynamic secret is a short-lived credential generated on demand and automatically expired, which reduces the risk and blast radius of a leaked long-lived secret.