Best Practices for Secret Management - Hexel Studio

Follow these best practices to maximize the security and reliability of your secret management:

1. Rotate Secrets Regularly

Change secrets (API keys, passwords, tokens) on a regular schedule.
Immediately rotate secrets if you suspect they are compromised.

2. Use Role-Based Access Control

Assign the minimum permissions necessary for each user or service.
Use roles and groups to manage access efficiently.

3. Audit and Monitor Usage

Regularly review audit logs for unusual or unauthorized access.
Set up alerts for sensitive operations (e.g., secret deletion, permission changes).

4. Separate Environments

Use different secrets for development, staging, and production.
Never use production secrets in non-production environments.

5. Secure API Tokens

Store API tokens in secure locations (environment variables, secret stores).
Never commit secrets or tokens to version control.

6. Incident Response

Have a plan for responding to secret leaks or unauthorized access.
Revoke and rotate affected secrets immediately.
Notify affected users and update documentation as needed.

7. Use Tenant and User Scoping Appropriately

Store shared secrets at the tenant level.
Store personal or user-specific secrets at the user level.

For more information, see the User Manual & Usage Guide or contact support at support@hexelstudio.com.

On this page

1. Rotate Secrets Regularly
2. Use Role-Based Access Control
3. Audit and Monitor Usage
4. Separate Environments
5. Secure API Tokens
6. Incident Response
7. Use Tenant and User Scoping Appropriately