ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eedfafcae292f1e1c4e27e9cbde3a70381176598
nexus/wiki/concepts/Secrets-Management.md

34 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: "Secrets Management"
type: concept
tags:
- Security
- Cloud
- DevOps
last_updated: 2026-04-14
---
## Definition
密钥管理Secrets Management是指管理数字认证凭证密码、密钥、API、Tokens的工具和方法论用于确保应用服务、特权账号和 IT 生态中其他敏感部分的安全存储与访问控制。
## Core Components
- **凭证存储**安全存储密码、API 密钥、数据库凭证、证书等敏感数据
- **访问控制**:基于 IAM 角色和标签的精细化权限管理
- **密钥轮换**:自动化定期更换密钥以降低泄露风险
- **审计日志**:记录所有密钥访问和变更操作
- **与 CI/CD 集成**:从集中化存储而非代码库中获取密钥
## Key Tools
- [[AWS-Secrets-Manager]]AWS 托管服务,开箱即用集成 RDS/Redshift/DynamoDB
- [[HashiCorp-Vault]]:自托管、云厂商无关,支持动态密钥和嵌入式证书签名
## Related Concepts
- [[API-Key-Rotation]]API 密钥的定期更换机制
- [[IAM]]:身份与访问管理,是密钥访问控制的基础
- [[CI/CD-Secrets]]CI/CD 流水线中的密钥管理最佳实践
- [[Secret-Rotation]]:密钥轮换的具体实现机制
## Sources
- [[ctp-topic-37-secrets-certificates-management]]
- [[ctp-topic-62-aws-secrets-manager]]
Reference in New Issue View Git Blame Copy Permalink