Generally speaking, any data that must be protected against unauthorized access is treated as sensitive. This includes login credentials, tokens, encryption keys, smart cards, classified documents, and so on. Protection for various types of sensitive data is regulated by many government-approved security information standards and corporate policies, thus being the subject of an entire separate field of Information Security. In the context of applications and microservices, we are mostly interested in a subset of sensitive data, such as:

• Login credentials (username/password)
• API tokens
• Encryption keys
• X.509 certificate/key pairs