In Brief: Centralized secrets management with audit logs and automated rotation is becoming mandatory to meet regulatory requirements and reduce attack surfaces in cloud and container environments.
Cloud platforms and Kubernetes systems create a growing number of access points whose management has become a central security and compliance task. Regulatory requirements such as NIS2, KRITIS and DORA intensify the pressure to act on companies.
Secrets consist of certificates, cryptographic keys, passwords, tokens and API keys that applications need for authentication to systems and to access enterprise resources. These credentials are an attractive target for cyberattackers: they enable direct access to IT applications to steal data or damage critical systems. Classical security mechanisms often do not protect against such unauthorized access, meaning compromised secrets can go undetected for extended periods.
At the same time, regulatory requirements intensify pressure. Requirements from KRITIS, the NIS2 Directive and DORA demand traceable security measures and documented access controls. Companies must increasingly be able to prove who accessed sensitive data or systems and when. Auditors expect transparency in the management of permissions, certificates and cryptographic keys. Locally distributed credentials and missing logging significantly complicate these proofs.
Many companies still manage these requirements with classical means: individual password policies, spreadsheet documentation of certificates and manual rotation of credentials. However, in dynamic IT environments, these procedures are increasingly insufficient. Containers are created within seconds, new APIs and applications scale fully automatically, certificates sometimes have lifetimes of only a few seconds. The associated management effort increases continuously, while at the same time the risk of errors and security gaps grows.
A contemporary approach pursues centralized management of all secrets and the ability to control their use. This includes automated provisioning of credentials to applications, containers or servers as well as traceable audit logs and clearly defined permissions. Components receive only the credentials they need for their respective task. The use of secrets is logged, and security managers gain full visibility into the entire lifecycle of these sensitive data.
Source: www.it-daily.net · Published 6 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.7.3.