Chapter 6. Secrets Management

Up to this point, we have discussed the fundamental concepts and practices that apply to identity security as a whole. It’s important for you to understand these principles as they lay the foundation for any practical identity security exercise in your job. They also give us the necessary background as we move into the rest of this book: practical methods of implementing identity security.

Secrets management is the core activity behind securing non-human (machine) identities. While IT environments and use cases vary between groups and organizations, every app, script, automation tool, and other non-human identity relies on some form of privileged credential to access other apps, scripts, tools, and data. These secrets are essential for authenticating and authorizing users, services, and applications to protect data, communications, and business reputation.

The most common types of secrets are:

• Privileged account credentials

• Passwords

• Certificates

• SSH ...