Securing Secrets w/ Key Vaults

J. Isⲁⲁc 🥷
Chronicles of Security
1 min read · Jul 28, 2021

What are secrets?

Secrets are passwords, usernames, API keys, database passwords, encryption keys, and other private pieces of information that should be kept confidential.

Where are secrets typically found?

Secrets are found and used in applications that require access to a restricted resource, for example a program that pulls data from a database or an API. These resources can only be accessed with some form of authentication, which can be as simple as a username and password or can be an API key. These values permit access to the restricted resource. Secrets, then, are usually intended to give an application programmatic access to a resource without the need for user input.

Why do secrets need to be secured?

Since secrets are basically passwords for applications instead of users, a leaked secret is more likely to give an attacker access to a resource without any further intervention. For example, an attacker can obtain a plain-text application secret from the public source code of a Python app and use it to access the resource directly.

What do we do with secrets then?

Just like passwords, secrets need to be kept safe and not in plain text. This can be done with secrets management platforms and environment variables. I’ll touch on environment variables later.
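The plain-text secret in a Python app's source described above can be caught before the code is published. The following is an added example, not code from the original post: a small AST-based check that flags secret-looking names assigned a string literal, run over a constructed module before and after its values move to environment variables. The name hints and both sample modules are assumptions made for illustration.

```python
import ast

# Assumed naming heuristic: identifiers containing these words hold credentials.
SECRET_HINTS = ("password", "passwd", "secret", "api_key", "apikey", "token")

def _name_of(target):
    """Return the identifier for `x = ...` or `self.x = ...`, else None."""
    if isinstance(target, ast.Name):
        return target.id
    if isinstance(target, ast.Attribute):
        return target.attr
    return None

def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs for secret-like names bound to a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        # Only non-empty string literals count; an os.environ[...] lookup is a Subscript node.
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
            continue
        for target in targets:
            name = _name_of(target)
            if name and any(hint in name.lower() for hint in SECRET_HINTS):
                findings.append((node.lineno, name))
    return sorted(findings)

# Constructed sample: the same module with secrets in source, then read from the environment.
BEFORE = '''\
import requests
API_KEY = "constructed-example-key-123"
db_password = "constructed-example-pw"
'''
AFTER = '''\
import os
API_KEY = os.environ["API_KEY"]          # raises KeyError if unset, so the app fails closed
db_password = os.environ["DB_PASSWORD"]
'''

if __name__ == "__main__":
    print("before:", find_hardcoded_secrets(BEFORE))
    print("after: ", find_hardcoded_secrets(AFTER))
```

The check keys on variable names only, so a literal supplied as the default argument to `os.environ.get()` is not flagged and still needs review.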

Hello world. I am an experienced security analyst, developer, and aspiring engineer here to share my adventures, knowledge, and expertise in the field.