Skip to content

Secrets and Access Design

This page explains how to think about secrets, identity, and access control as part of system design.

Why It Matters

Many production issues are not only reliability problems. They also come from weak credential handling, broad permissions, and unclear access boundaries.

Core Areas

  • Secret storage
  • Identity and authentication
  • Authorization and RBAC
  • Network access control
  • Audit visibility

Basic Design Approach

  1. Identify what needs protection.
  2. Minimize who and what can access it.
  3. Use a proper secret store where possible.
  4. Rotate credentials regularly.
  5. Keep access auditable.

Common Risks

  • Secrets stored in code or pipeline files
  • Shared admin credentials
  • Broad production access for too many users
  • Weak separation between environments

Practical Advice

  • Use least privilege by default
  • Avoid long-lived shared credentials
  • Separate human and machine access paths
  • Make access reviews part of normal operations