Skip to content

Too Many Entities Are Fetching the Same Secret

Eco-system support

  • AWS Secrets Manager

  • Azure Key Vault

  • GCP Secrets Manager

Description

When a secret is accessed by too many entities, it increases the risk of it being leaked or compromised. It's critical to limit access to sensitive information to only those who absolutely need it. This helps to maintain the confidentiality and integrity of the information, ensuring that it is not misused or disclosed to unauthorized parties. For better granular control, create a unique secret for each type of application.

Detection triggers

  • 4 or more identities retrieve the same secret

Mitigation

Secret is overused, create additional secret

Divide overused secrets among these different workloads by creating additional secrets.