Secret Management Workflow
Generate, categorize, and secure application secrets: API keys, JWT secrets, encryption keys, and DB passwords.
이 레시피 활용 시점
Generate all the secrets needed for a new application deployment. Each secret type has different requirements for length, format, and rotation frequency.
단계
Secret Generator
이 도구 사용해보기 →Generate API key
Secret Generator
이 도구 사용해보기 →Generate JWT secret
Secret Generator
이 도구 사용해보기 →Generate encryption key
Password Generator
이 도구 사용해보기 →Generate DB password
Hash Calculator
이 도구 사용해보기 →Create audit hashes
자주 묻는 질문
Where should I store application secrets?
Never in code or git. Use: environment variables (dev), AWS Secrets Manager / HashiCorp Vault (production), or .env files (local dev only, gitignored).
How do I manage secret rotation?
Use a secrets manager with rotation policies. Deploy with dual-key support (accept both old and new during rotation window). Automate rotation with CI/CD pipelines.
관련 레시피
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.