Understanding Secrets Management
Secrets Management in Peakhour provides a secure, centralized system for storing and managing sensitive information such as API keys, passwords, and certificates. By using this feature, you can avoid hardcoding sensitive data in your configurations or scripts and improve your overall security posture.
Core Concepts
What is a Secret?
A secret is any piece of sensitive information that you need to store securely. Peakhour's Secrets Management system is designed to handle various types of secrets, each with specific use cases.
Secret Types:
- API Key: For authenticating with third-party services.
- Password: For storing user or service account passwords.
- Certificate: For SSL/TLS certificates and private keys.
- Generated: A secure, system-generated token or value that Peakhour creates for you.
Security Features
The system is built with security as the top priority, incorporating several key features:
- Encryption at Rest: All secrets are encrypted before being stored in the database, ensuring they are protected even in the event of a data breach.
- One-Time View: The value of a secret can only be viewed once, immediately after it is created. This minimizes the risk of exposure. After the initial display, the value cannot be retrieved again.
- Rotation: Secrets can be "rotated," which means a new version of the secret is created while the old one is deactivated. This is a security best practice that limits the lifespan of any single secret value.
- Auditability: While not exposed in the UI, all access and modifications to secrets are logged in the backend, providing an audit trail for compliance and security investigations.
Entity Association
Each secret is associated with a specific entity within your Peakhour account. This allows you to scope secrets appropriately and manage access control in the future.
Entity Types:
- Account: The secret is associated with your entire account.
- Domain: The secret is associated with a specific domain under your account.
- User: The secret is associated with a specific user.
This structure ensures that secrets are logically grouped with the resources they pertain to.
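To make the lifecycle described in the Security Features and Entity Association sections concrete, here is an added, self-contained model of a secrets store that is not Peakhour's code and does not use Peakhour's API. It assumes its own class and method names (SecretStore, create, reveal, rotate, verify), the four secret types and three entity types listed above, and uses an HMAC-SHA256 keystream as a stand-in for a real at-rest cipher such as AES-GCM. It shows the four properties together: values are encrypted before storage, the plaintext is returned exactly once at creation (later reveal attempts are refused but still logged), rotation appends a new version and deactivates the previous one, and every action lands in an audit log.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Constructed example: an in-memory model of the lifecycle described above.
# Names, methods and the encryption stand-in are assumptions, not Peakhour's API.

SECRET_TYPES = {"api_key", "password", "certificate", "generated"}
ENTITY_TYPES = {"account", "domain", "user"}


def _keystream_xor(master_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for a real AEAD such as AES-GCM: HMAC-SHA256 run in counter
    mode produces a keystream that is XORed with the data. Each stored
    version gets a fresh nonce so keystreams are never reused."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(master_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


@dataclass
class SecretVersion:
    version: int
    nonce: bytes
    ciphertext: bytes  # only the encrypted form is ever kept at rest
    active: bool = True


@dataclass
class Secret:
    name: str
    secret_type: str
    entity_type: str  # account, domain or user
    entity_id: str
    versions: list = field(default_factory=list)


class SecretStore:
    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._secrets = {}
        self.audit_log = []  # backend audit trail: every access and modification

    def _log(self, action: str, name: str, actor: str, **extra) -> None:
        self.audit_log.append({"ts": time.time(), "action": action, "secret": name, "actor": actor, **extra})

    def _encrypt(self, value: str, version: int) -> SecretVersion:
        nonce = secrets.token_bytes(16)
        return SecretVersion(version, nonce, _keystream_xor(self._master_key, nonce, value.encode()))

    def _active_plaintext(self, name: str) -> str:
        sv = next(v for v in self._secrets[name].versions if v.active)
        return _keystream_xor(self._master_key, sv.nonce, sv.ciphertext).decode()

    def create(self, name, secret_type, entity_type, entity_id, value=None, actor="system") -> str:
        if secret_type not in SECRET_TYPES or entity_type not in ENTITY_TYPES:
            raise ValueError("unknown secret or entity type")
        if name in self._secrets:
            raise ValueError(f"secret {name!r} already exists; rotate it instead")
        if secret_type == "generated":
            value = secrets.token_urlsafe(32)  # system-generated value
        elif value is None:
            raise ValueError("a value is required for non-generated secrets")
        self._secrets[name] = Secret(name, secret_type, entity_type, entity_id, [self._encrypt(value, 1)])
        self._log("create", name, actor, version=1)
        return value  # one-time view: the only time plaintext leaves the store

    def reveal(self, name: str, actor: str) -> str:
        # After creation the plaintext is never returned; the attempt is still audited.
        self._log("reveal_denied", name, actor)
        raise PermissionError("secret values can only be viewed once, at creation")

    def rotate(self, name: str, value=None, actor="system") -> str:
        s = self._secrets[name]
        if s.secret_type == "generated":
            value = secrets.token_urlsafe(32)
        elif value is None:
            raise ValueError("a value is required for non-generated secrets")
        for old in s.versions:
            old.active = False  # previous version is deactivated, not deleted
        sv = self._encrypt(value, len(s.versions) + 1)
        s.versions.append(sv)
        self._log("rotate", name, actor, version=sv.version)
        return value

    def verify(self, name: str, candidate: str, actor="system") -> bool:
        # Lets a consumer check a presented value against the active version
        # without the stored plaintext ever being handed back.
        ok = hmac.compare_digest(self._active_plaintext(name).encode(), candidate.encode())
        self._log("verify", name, actor, result=ok)
        return ok
```

The design choice worth noting is that nothing outside the store ever reads a stored plaintext: create and rotate hand the value back once, and every other consumer goes through verify, which compares in constant time and leaves an audit entry whether it succeeds or fails. A denied reveal is logged as well, since repeated attempts to read back a secret are exactly what an investigation wants to see.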
Why Use Secrets Management?
- Enhanced Security: Prevents sensitive data from being exposed in code, configuration files, or environment variables.
- Centralized Control: Manage all your secrets from a single, secure location.
- Simplified Rotation: Easily update secrets without having to redeploy applications or change code.
- Compliance: Helps meet compliance requirements for handling sensitive data by providing secure storage and auditable actions.