Secret Management Workflow
Generate, categorize, and secure application secrets: API keys, JWT secrets, encryption keys, and DB passwords.
Quando usar esta receita
Generate all the secrets needed for a new application deployment. Each secret type has different requirements for length, format, and rotation frequency.
Etapas
Secret Generator
Experimente esta ferramenta →Generate API key
Secret Generator
Experimente esta ferramenta →Generate JWT secret
Secret Generator
Experimente esta ferramenta →Generate encryption key
Password Generator
Experimente esta ferramenta →Generate DB password
Hash Calculator
Experimente esta ferramenta →Create audit hashes
Perguntas frequentes
Where should I store application secrets?
Never in code or git. Use: environment variables (dev), AWS Secrets Manager / HashiCorp Vault (production), or .env files (local dev only, gitignored).
How do I manage secret rotation?
Use a secrets manager with rotation policies. Deploy with dual-key support (accept both old and new during rotation window). Automate rotation with CI/CD pipelines.
Receitas relacionadas
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.