Chapter 7. Secret Management
In any application stack, we are almost guaranteed to run into secret data. This is the data that applications want to keep, well, secret. Commonly, we associate secrets with credentials. Often these credentials are used to access systems within or external to the cluster, such as databases or message queues. We also run into secret data when using private keys, which may support our application’s ability to perform mutual TLS with other applications. These kinds of concerns are covered in Chapter 11. The existence of secrets bring in many operational concerns to consider, such as:
- Secret rotation policies
How long is a secret allowed to remain before it must be changed?
- Key (encryption) rotation policies
Assuming secret data is encrypted at the application layer before being persisted to disk, how long is an encryption key allowed to stay around before it must be rotated?
- Secret storage policies
What requirements must be satisfied in order to store secret data? Do you need to persist secrets to isolated hardware? Do you need your secret management solution to integrate with a hardware security module (HSM)?
- Remediation plan
If secret(s) or encryption key(s) are compromised, how do you plan to remediate? Can your plan or automation be run without impact to applications?
A good starting point is to determine what layer to offer secret management for your applications. Some organizations choose to not solve this at a platform level and instead ...