If you are deploying an application, at some point you have to:
In any of those steps, you need to expose sensitive information to your deployment so that it can authenticate and access resources properly. We usually call such a sensitive piece of data a secret.
A secret is any non-public piece of information whose access you want to control and restrict.
The most commonly used secrets when managing infrastructure are:
passwords / PINs
API keys / tokens
How can we protect that secret information while still making it available to a service or person with proper authorization?
Security control proposal
In a complex environment, the solution is to use secret management software accessible over the network. Such solutions usually have several advantages:
a single place for secrets, so projects scale
ability to revoke access
security - data is usually encrypted at rest, so a copy of the storage alone does not reveal the secrets
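To make the three advantages above concrete, here is a toy, in-process secret store written for this page (added example, not code from any of the products the page refers to). It keeps every secret in one place, hands out per-client access tokens that can be revoked, and keeps only ciphertext "at rest". The secret names, the master key and the cipher are assumptions for illustration: to stay dependency-free it encrypts with an HMAC-SHA256 keystream plus an encrypt-then-MAC tag, which is not what a production secret manager uses (that would be AES-GCM or a similar AEAD).

```python
"""Toy secret store illustrating a central secret manager's properties:
one store, revocable access tokens, and encryption at rest.

Added example, stdlib only. The cipher below (HMAC-SHA256 keystream in
counter mode, encrypt-then-MAC) is chosen only to avoid third-party
dependencies; a real system would use AES-GCM or another AEAD.
"""
import hashlib
import hmac
import os
import secrets


class AccessDenied(Exception):
    """Raised when a token is unknown, revoked, or not allowed the secret."""


def _keystream(key, nonce, length):
    # Counter-mode keystream: HMAC(key, nonce || counter) blocks concatenated.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(master_key):
    # Derive independent encryption and MAC keys from the master key.
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt(master_key, plaintext):
    """Return nonce || ciphertext || tag for the given plaintext."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master_key, blob):
    """Verify the tag first, then decrypt; raise ValueError on tampering."""
    enc_key, mac_key = _subkeys(master_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext tampered with")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SecretStore:
    def __init__(self, master_key):
        self._master_key = master_key
        self._at_rest = {}   # name -> ciphertext blob; this is what would hit disk
        self._tokens = {}    # token -> set of secret names it may read

    def put(self, name, value):
        self._at_rest[name] = encrypt(self._master_key, value)

    def issue_token(self, allowed):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = set(allowed)
        return token

    def revoke(self, token):
        # Revocation is immediate: the token simply stops being known.
        self._tokens.pop(token, None)

    def get(self, token, name):
        allowed = self._tokens.get(token)
        if allowed is None or name not in allowed:
            raise AccessDenied(name)
        return decrypt(self._master_key, self._at_rest[name])

    def at_rest_bytes(self):
        # Everything persisted, concatenated; plaintext never appears here.
        return b"".join(self._at_rest.values())


def demo():
    """Walk through the three properties with constructed sample secrets."""
    store = SecretStore(os.urandom(32))
    store.put("db/password", b"hunter2-prod")   # constructed sample values
    store.put("api/key", b"sk-live-abc")
    app_token = store.issue_token({"db/password"})
    result = {"app_reads_db": store.get(app_token, "db/password")}
    try:
        store.get(app_token, "api/key")
        result["app_reads_api"] = True
    except AccessDenied:
        result["app_reads_api"] = False
    result["plaintext_at_rest"] = b"hunter2-prod" in store.at_rest_bytes()
    store.revoke(app_token)
    try:
        store.get(app_token, "db/password")
        result["after_revoke"] = True
    except AccessDenied:
        result["after_revoke"] = False
    return result


if __name__ == "__main__":
    print(demo())
```

The point to take from `demo()` is that the application token is scoped to one secret, that revoking it cuts access immediately without touching the stored data, and that dumping the store yields ciphertext only. A networked secret manager adds transport, authentication of clients and audit logging on top of the same model.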
The most common on-premise secret management solutions are:
Of course, for simple projects and small deployments it is possible to store encrypted secrets in a git repository. However, that approach does not scale and is not future-proof, so we consider it out of scope here.