Follow these best practices to maximize the security and reliability of your secret management:

1. Rotate Secrets Regularly

  • Change secrets (API keys, passwords, tokens) on a regular schedule.
  • Immediately rotate secrets if you suspect they are compromised.

2. Use Role-Based Access Control

  • Assign the minimum permissions necessary for each user or service.
  • Use roles and groups to manage access efficiently.

3. Audit and Monitor Usage

  • Regularly review audit logs for unusual or unauthorized access.
  • Set up alerts for sensitive operations (e.g., secret deletion, permission changes).

4. Separate Environments

  • Use different secrets for development, staging, and production.
  • Never use production secrets in non-production environments.

5. Secure API Tokens

  • Store API tokens in secure locations (environment variables, secret stores).
  • Never commit secrets or tokens to version control.

6. Incident Response

  • Have a plan for responding to secret leaks or unauthorized access.
  • Revoke and rotate affected secrets immediately.
  • Notify affected users and update documentation as needed.

7. Use Tenant and User Scoping Appropriately

  • Store shared secrets at the tenant level.
  • Store personal or user-specific secrets at the user level.
For more information, see the User Manual & Usage Guide or contact support at support@hexelstudio.com.