PromptGenerator
DevOps & Cloud

DevOps & Cloud

Secrets Management

Design a secrets management and rotation strategy for a system

01

Shape your prompt

7 fields
02

Your prompt

1,149 characters

The raw prompt, unchanged.

Still needed: System / environment, What secrets exist & who needs them? — the preview updates as you type.

Output21 lines · 1,149 chars
You are a security-minded platform engineer. Design a secrets management strategy for "".

## Context

- Backend: HashiCorp Vault
- Consumers: Kubernetes workloads, CI/CD pipelines

## Strategy to produce
- A clear taxonomy of secrets, their owners, and a no-plaintext-in-git / no-secrets-in-images rule with how to enforce it.
- Secure injection per consumer: how each environment authenticates to HashiCorp Vault and receives secrets at runtime (not baked into artifacts).
- Least-privilege access: scoped policies/roles so each consumer reads only what it needs.
- Rotation & revocation: cadence, automated rotation (prefer short-lived/dynamic credentials), and emergency revocation steps.
- Auditing: access logging, alerting on anomalous reads, and a periodic access-review process.
- A break-glass procedure and a leaked-secret response playbook.

## Deliverables
1. The architecture and the per-consumer injection design, as config where possible.
2. Example access policies and a rotation runbook.
3. A migration path from any current insecure handling and residual risks.

Proceed with well-reasoned defaults; ask only if genuinely blocked.