Secrets Management

Introduction

Proper storage and centralized documentation of secrets are crucial to security. Since cryptographic failures rank as the second highest risk in the OWASP top ten, maintaining rigorous processes is essential to mitigate these vulnerabilities.

Implementation of this control

Infrastructure secrets are stored using AWS Secrets Manager. These secrets are managed through Jenkins configurations, ensuring secure and controlled access. Authorized team members manage secrets via the AWS Cloud Console and Secrets Manager API to ensure secure and controlled access.