Secret Management refers to tools or methods that are used to manage authentication credentials (or secrets). These may include passwords, access keys, API keys, and tokens that can be used in applications, services, privileged accounts or other sensitive areas of the IT ecosystem.
- By this approach, service accounts — generic administrative accounts which may be assumed by one or more users — can access these secrets, but no one else
- Not compliant with regulatory requirements which specify FIPS-certified hardware
Why is Secret Management important?
Passwords and access keys are some of the most used tools to authenticate users or automated applications onto the network or give access to specific services, systems, or information that might be otherwise classified. Since these secrets need to be transferred securely, secret management would need to account for and mitigate the risk portrayed on the secrets while in transit as well as on rest.
Some of the secrets include:
- API keys or other application keys/credentials
- SSH Keys
- Database and other system passwords
- Certificates for secure communication (TLS/SSL and more).
- Private encryption keys such as PGP
- RSA and other one-time password devices
Challenges in Secret Management
As IT infrastructure grows and develops, it increases the complexity and the diversity of the secrets involved that needs to be properly protected. Those secrets should be securely stored, transmitted and audited securely.
Some of the common risk and considerations are:
Incomplete visibility and awareness
All privileged accounts, applications, tools, containers, or microservices deployed across the environment, and the associated passwords, keys, and other secrets. SSH keys alone may number in the millions at some organizations, which should provide an inkling of a scale of the secrets management challenge. This becomes a particular shortcoming of decentralized approaches where admins, developers, and other team members all manage their secrets separately, if they’re managed at all. Without oversight that stretches across all IT layers, there are sure to be security gaps, as well as auditing challenges.
Privileged passwords and other secrets are needed to facilitate authentication for app-to-app (A2A) and application-to-database (A2D) communications and access. Often, applications and IoT devices are shipped and deployed with hardcoded, default credentials, which are easy to crack by hackers using scanning tools and applying simple guessing or dictionary-style attacks. DevOps tools frequently have secrets hardcoded in scripts or files, which jeopardizes security for the entire automation process.
Privileged credentials and the cloud
Cloud and virtualization administrator consoles (as with AWS, Office 365, etc.) provide broad superuser privileges that enable users to rapidly spin up and spin down virtual machines and applications at massive scale. Each of these VM instances comes with its own set of privileges and secrets that need to be managed
While secrets need to be managed across the entire IT ecosystem, DevOps environments are where the challenges of managing secrets seem to be particularly amplified at the moment. DevOps teams typically leverage dozens of orchestration, configuration management, and other tools and technologies (Chef, Puppet, Ansible, Salt, Docker containers, etc.) relying on automation and other scripts that require secrets to work. Again, these secrets should all be managed according to best security practices, including credential rotation, time/activity-limited access, auditing, and more.
Third-party vendor accounts/remote access solutions
How do you ensure that the authorization provided via remote access or to a third-party is appropriately used? How do you ensure that the third-party organization is adequately managing secrets?
Manual secrets management processes
Leaving password security in the hands of humans is a recipe for mismanagement. Poor secrets hygiene, such as lack of password rotation, default passwords, embedded secrets, password sharing, and using easy-to-remember passwords, mean secrets are not likely to remain secret, opening up the opportunity for breaches. Generally, more manual secrets management processes equate to a higher likelihood of security gaps and malpractices.