
Secrets Management

TLDR: Build and runtime secrets are stored securely and documented appropriately.
Rationale: Leaked secrets such as API keys, cryptographic keys and identity tokens are a common attack scenario.

Background

Secrets must be stored securely and documented in a central place. Cryptographic failures are the second highest risk in the OWASP Top Ten, so rigor and process are essential.

Change Records

How we implement this control

  • We use AWS Secrets Manager to store infrastructure secrets
  • Secrets are provisioned in our Terraform model (instructions here)
  • Secrets are entered via the AWS cloud console by authorized team members
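
A check that fits this split, added here as an example and not Kosli's own code: it assumes secret values are entered only through the console, so the Terraform state should declare secrets but hold no values. The layout is Terraform's version 4 state JSON; the sample state and all resource names in it are constructed.

```python
import json

# Constructed sample in Terraform state v4 layout; names and values are made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_secretsmanager_secret", "name": "api_token",
         "instances": [{"attributes": {"name": "example/api-token"}}]},
        {"mode": "managed", "type": "aws_secretsmanager_secret_version",
         "name": "db_password",
         "instances": [{"attributes": {"secret_string": "constructed-value",
                                       "secret_binary": ""}}]},
        {"module": "module.ci", "mode": "managed",
         "type": "aws_secretsmanager_secret_version", "name": "empty",
         "instances": [{"attributes": {"secret_string": None}}]},
    ],
})

VALUE_ATTRS = ("secret_string", "secret_binary")


def audit_state(state_text):
    """Return (declared, leaked): secret containers declared in Terraform, and
    secret versions whose value is stored in the state file."""
    state = json.loads(state_text)
    declared, leaked = [], []
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue  # skip data sources
        address = ".".join(p for p in (res.get("module"), res["type"], res["name"]) if p)
        if res["type"] == "aws_secretsmanager_secret":
            declared.append(address)
        elif res["type"] == "aws_secretsmanager_secret_version":
            for inst in res.get("instances", []):
                attrs = inst.get("attributes") or {}
                # Report only the attribute name, never the value itself.
                held = [a for a in VALUE_ATTRS if attrs.get(a)]
                if held:
                    leaked.append((address, held))
    return declared, leaked


if __name__ == "__main__":
    declared, leaked = audit_state(SAMPLE_STATE)
    print("declared:", declared)
    for address, attrs in leaked:
        print(f"value stored in state: {address} ({', '.join(attrs)})")
```

Any entry in the second list means a secret value was supplied through Terraform rather than the console and now sits in the state file.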

© Kosli 2022, all rights reserved