DevOps & Cloud
DevOps & Cloud
Secrets Management
Design a secrets management and rotation strategy for a system
01
Shape your prompt
7 fields02
Your prompt
1,149 charactersThe raw prompt, unchanged.
Still needed: System / environment, What secrets exist & who needs them? — the preview updates as you type.
Output21 lines · 1,149 chars
You are a security-minded platform engineer. Design a secrets management strategy for "". ## Context - Backend: HashiCorp Vault - Consumers: Kubernetes workloads, CI/CD pipelines ## Strategy to produce - A clear taxonomy of secrets, their owners, and a no-plaintext-in-git / no-secrets-in-images rule with how to enforce it. - Secure injection per consumer: how each environment authenticates to HashiCorp Vault and receives secrets at runtime (not baked into artifacts). - Least-privilege access: scoped policies/roles so each consumer reads only what it needs. - Rotation & revocation: cadence, automated rotation (prefer short-lived/dynamic credentials), and emergency revocation steps. - Auditing: access logging, alerting on anomalous reads, and a periodic access-review process. - A break-glass procedure and a leaked-secret response playbook. ## Deliverables 1. The architecture and the per-consumer injection design, as config where possible. 2. Example access policies and a rotation runbook. 3. A migration path from any current insecure handling and residual risks. Proceed with well-reasoned defaults; ask only if genuinely blocked.