What Is Secret Management?
Secret management is a practice that allows developers to securely store sensitive data such as passwords, keys, and tokens, in a secure environment with strict access controls.
For small software projects, secret management can be simple to achieve. But as teams and software codebases grow, there are additional secrets spread across an application ecosystem, making them more difficult to manage. Microservices, development tools, containers, orchestrators, and API connections all require secrets to perform their functions, and these must be stored and delivered in a secure manner.
It is very common to have secrets hard-coded into scripts, configurations, or source code, making them easily accessible to attackers. Secret management solutions can ensure that sensitive information is never embedded into any artifact in plaintext, saving secrets separately from code, and providing an audit trail by enforcing privilege-based sessions for all access attempts.
Secret Management Challenges
The more complex an IT ecosystem and the more diverse and numerous the secrets, the harder it is to store, transfer, and track secrets securely.
Here are some common risks and considerations relating to secret management.
1. Manual Sharing and Failure to Rotate Sensitive Data
Without secrets management, the only way to enable software systems to access each other is to manually share secrets within teams, or embed them in code or configuration. This leads to the use of weak passwords, and reuse of passwords across systems.
In addition, without secret management it is very difficult to rotate secrets, because any change to a password requires changing code, configuration, or re-sharing passwords across unsecure channels. Passwords and access cannot easily be revoked when they are no longer needed.
2. Hardcoded Credentials
App-to-app and application-to-database access and communications require secrets such as privileged passwords to enable authentication. IoT devices and applications often use default hardcoded (embedded) credentials that hackers can easily crack using scanners, dictionary attacks, or guessing techniques. DevOps tools, in particular, usually have secrets embedded in files or scripts, jeopardizing the security of the automation process.
3. Lack of Awareness and Visibility
There are often many privileged applications, accounts, tools, microservices, or containers deployed across an organization’s environment, along with their associated secrets, such as keys and passwords. Some organizations have millions of SSH keys, which is only part of the overall secret management burden.
Decentralized ecosystems are especially problematic for managing secrets because different developers, admins, etc., manage secrets independently (if at all). The lack of enterprise-wide oversight ensures there’ll be security gaps and auditing difficulties.
4. Cloud Computing Privileges
Virtualization and cloud administrator consoles like Office 365 and AWS use superuser privileges allowing users to access a broad range of resources and spin up or wind down applications and VMs quickly. Every VM instance has separate secrets and privileges that require management. The scale of cloud environments contributes to the burden of managing secrets.
5. DevOps Solutions
Secrets require management across an organization’s IT ecosystem, but DevOps environments tend to amplify the challenges of secret management. DevOps teams usually use many different configuration management and orchestration tools, employing automated technologies and platforms that rely on secrets to operate. It is important to apply the best practices to secure these secrets, such as rotating credentials, limiting access, auditing, etc.
6. Third-Party Accounts and Remote Access
Third-party vendors and external users often access sensitive resources with accounts connected via a remote access solution. Ensuring external users implement the right remote access practices and authorization is challenging. In these cases, the organization relies on a third party to manage secrets, relinquishing some control of the IT system’s security.
7. Manual Processes for Managing Secrets
Password and secret security should not be the sole responsibility of humans, who are prone to error and mismanagement. Manual security processes are more likely to have gaps and poor secret hygiene, including default passwords, reused or shared passwords, hardcoded secrets, and uncomplex passwords. Human error and negligence can expose secrets and result in breaches.
8. Lack of Centralized Secrets Management
Another concern is the need for centralized secrets management. As the number, variety, and complexity of IT systems increases, it becomes increasingly difficult to enforce and manage consistent policies across systems, understand where secrets are and how they are used. This problem is known as “secret sprawl”—secrets are distributed across different systems, each with its own unique secret management strategy. Because each application, cloud provider, or organizational unit has its own security model, there is no visibility across the organization.
What Are Secret Management Tools and Why Are they Important?
Secret management tools can resolve these challenges and prevent unauthorized access to sensitive data. This reduces the risk of data breaches, data theft, and unauthorized manipulation or alteration of sensitive corporate data and personally identifiable information (PII). All of these can have disastrous consequences for an organization, including direct financial loss, reputational damage, legal exposure, and regulatory fines.
Secret management tools allow companies to maintain confidentiality for data like passwords, encryption keys, SSH keys, API keys, database credentials, tokens, and certificates—including TLS/SSL certificates and private certificates. These tools can securely store, transmit, and manage digital credentials.
Businesses use secret management solutions to centrally manage secrets for their entire IT ecosystem. These tools reduce the risks associated with inappropriate and manual secret management, such as hardcoding secrets into scripts, using default passwords, manually sharing passwords, and failing to rotate credentials.
Secret management tools replace manual secret management (for example, maintaining spreadsheets with credentials to sensitive systems) and provide centralized visibility, monitoring, and management for secrets across an organization. These tools are most commonly used by software developers, security professionals, and IT operations teams (DevOps or DevSecOps).
Best Practices for Secrets Management
Differentiate Between Secrets and Identifiers
Secrets are passwords, connection strings, and other information that can compromise your organization if exposed. It should only be shared with trusted applications and authenticated users or services.
Other information on the system, such as identifiers, IP addresses, user names, and DNS names, should be shared with discretion. These are not secrets, but they should not be easily guessed by third parties, and should be kept in confidence if possible. Identifiers should be unique for all clients of the authorization server.
Because identifiers are far less risky than secrets, it is important to clearly distinguish them and manage them separately from secrets. Secrets need to be very strictly controlled because they pose a direct risk of serious damage to applications and businesses if leaked.
In any organization, sensitive data and resources can be accessed by trusted user accounts and applications. This raises the risk that data will be compromised, either by malicious insiders or unintentional exposure. It is important to follow the principle of least privilege, in which a user or application is only granted privileges if they are necessary to perform its role. When access is no longer needed, it should be revoked.
When escalating privileges, for example to enable urgent maintenance work, this should be done with good reason and for a limited time. Privileged sessions should be carefully monitored to improve monitoring and accountability.
Rotate Secrets Frequently
Passwords and other secrets should be changed regularly after use. If a secret remains unchanged for a long time, more users and systems gain access to it, and can potentially compromise it. Secrets can be unknowingly leaked by employees or intentionally obtained by malicious agents, both inside and outside the organization. When using a secrets management tool, ensure you use its secret rotation functionality and set rotation to a sufficiently high frequency.
Encrypt Data Using a KMS
Ensure that all sensitive data is encrypted for added security. Because encryption keys are sensitive, and their loss means the loss of the underlying data, it is advisable to use a key management service (KMS). A KMS stores and manages keys and provides them automatically when data needs to be encrypted or decrypted. It also makes it possible to encrypt each dataset or resource with a different encryption key, helping you control access at a more granular level.
Detect Unauthorized Access
Even with the best security practices and tools, breaches will inevitably happen. Ensure you have a robust process for monitoring and identifying unauthorized access. Security, development, and operations teams should establish an incident response process to enable rapid response to a breach and fast remediation of any affected systems, to minimize damage to the organization.
Data Security with Imperva
Imperva Data Security Fabric protects all data workloads in hybrid multicloud environments with a modern and simplified approach to security and compliance automation. Imperva DSF flexible architecture supports a wide range of data repositories and clouds, ensuring security controls and policies are applied consistently everywhere.