Secrets Management

Safety

• Never commit secrets to source control.
• Limit access and log secret usage for auditing.

Secrets Management Tools

HashiCorp Vault

• Centralized secrets management
• Dynamic secrets generation
• Secret rotation
• Audit logging
• Fine-grained access control

AWS Secrets Manager

• AWS-native solution
• Automatic rotation
• Integration with RDS
• CloudFormation support

Azure Key Vault

• Azure-native solution
• HSM-backed keys
• Certificate management
• RBAC integration

Google Secret Manager

• GCP-native solution
• Versioning
• IAM integration

HashiCorp Vault Integration

Setup Vault

# Start Vault dev server
vault server -dev

# Set environment
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='root'

# Enable secrets engine
vault secrets enable -path=secret kv-v2

# Store secret
vault kv put secret/database/config username=admin password=secret

GitHub Actions with Vault