1、Secrets ManagementMaturity ModelAs organizations are looking to develop secure digital services faster,the DevSecOps movement has seen its popularity soar,with the promise of breaking the silo between development,operations,and security.Although many tools and practices have emerged to support the d

2、evelopment of “secure by default”applications for the cloud,the matter is still far from resolved.Secrets management,in particular,remains a thorny issue even for the most mature organizations.With hyperconnected systems,secrets have become omnipresent along the software development cycle,making the

3、 legacy security perimeter obsolete.With this document,we wish to contribute to the consolidation of knowledge around DevSecOps practices by introducing a secrets management maturity model.Information security leaders who would like to start by doing a quick assessment of their security posture can

4、take the following five-minute questionnaire(its completely anonymous):Secrets Management Maturity QuestionnaireThe result chart at the end will provide an overview of their current level of secrets management maturity,complete with weaknesses and strengths,and invite them to jump directly to the mo

5、st relevant part of this white paper.A maturity model is a tool that helps people assess the current effectiveness of a person or group and supports figuring out what capabilities they need to acquire next in order to improve their performance.-Martin FowlerA DevSecOps ChallengeNo Silver bulletA qui

6、ck look at the Secrets Management PanoramaKey considerations for secrets managementThe ModelDeveloper environmentSource code management(source code&Infrastructure-as-Code)CI/CD pipelines&artifactsRuntime environmentBonus:KubernetesOther considerationsAccess controlsSecrets qualityLogging and auditin