Secrets Management Across Services

Every service needs secrets: database passwords, API keys, signing keys, and payment credentials. If exposed, they can be used to impersonate the service or access sensitive systems.

In microservices, secrets spread across many services, repos, CI pipelines, containers, and teams, which makes leaks and rotation harder.

Secrets management centralizes them in one encrypted, audited place.

This chapter covers unsafe approaches, secrets managers, identity-based access, rotation, encryption, and disaster recovery when services depend on the vault.