Secrets Management Lifecycle

Secrets: birth to death. The lifecycle.

Creation

Auto-generated. Stored in vault.

Never plaintext in transit.

Use

Apps fetch at startup; refresh on schedule.

Workload identity preferred.

Rotation

Auto-rotate. Versioned for rollback.

Downtime-free.

Destruction

After rotation: old version destroyed.

No long tail.