Secure Secrets & Credentials in Infrastructure Code

This standard mandates the secure management of secrets and credentials in infrastructure code to prevent security breaches.

1. Secure Secrets & Credentials in Infrastructure Code:

Prevent security breaches by managing sensitive data securely. This approach ensures that sensitive information is protected.

• 1.1 Secret Management Tools:
  • 1.1.1 Tool Utilisation:
    • Use secret management tools (e.g., AWS Secrets Manager, HashiCorp Vault, Azure Key Vault).
    • Automate the configuration of secret management tools.
  • 1.1.2 Tool Implementation:
    • Automate the integration of secret management tools.
    • Implement secret management tutorials.
• 1.2 Plaintext Storage Prevention:
  • 1.2.1 Credential Protection:
    • Never store API keys, passwords, or credentials in plaintext IaC repositories.
    • Automate the detection of plaintext credentials.
  • 1.2.2 Storage Management:
    • Automate the tracking of credential storage.
    • Implement storage feedback collection.
• 1.3 Secret Rotation and Access Control:
  • 1.3.1 Automation Implementation:
    • Rotate secrets automatically and ensure least-privilege access control.
    • Automate the rotation of secrets.
  • 1.3.2 Access Management:
    • Automate the enforcement of least-privilege access.
    • Implement access control tutorials.

By securing secrets and credentials, organisations can protect sensitive information.