Why architecture matters here
Secrets fail on leaks and lifecycle. A committed key gets scanned in seconds. A stale credential surfaces during pentest. Rotation without downstream update breaks apps.
The architecture matters because managing secrets is an ongoing discipline, not a one-time setup.
The architecture: every piece explained
The top strip is storage. Secret creator generates or provides. Secret manager holds. Versioning preserves history + rollback. Access policy gates who reads.
The middle row is delivery. Rotation is scheduled or triggered. Injection can be env vars, files, or SDK. Short-lived leases issue dynamic credentials with TTL. Audit log records every access.
The lower rows are ops. Break-glass is emergency access with heavy audit. Compliance gates. Ops runs rotation drills + workload identity migration.
End-to-end flow
End-to-end: DB password stored in secret manager with versioning. Rotation weekly: new version created; DB users updated; apps rotate via SDK. Access via role-based policy. Audit log records access. Compliance report generated monthly. Short-lived leases used where possible; the long-lived password is now the exception.