Microservices Pattern
Secrets Management
Store and rotate credentials in a vault instead of hardcoding them.
Detailed Description
Secrets should not live in source code, container images, or plain environment dumps.
A vault provides access control, audit logs, versioning, and rotation workflows.
Visual Diagram
Service starts -> fetch secret from vault -> use short-lived credential -> rotate safely
Tradeoffs
Pros
Centralized rotation and audit
Cons
Vault availability and integration complexity
Examples: HashiCorp Vault, AWS Secrets Manager, encrypted K8s Secrets
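The fetch-and-rotate flow from the diagram, together with the vault-availability trade-off, as an added example that is not part of the original page. `FakeVault`, `SecretCache`, the service name and the secret path are hypothetical stand-ins, not the API of HashiCorp Vault or AWS Secrets Manager; the sketch assumes the vault returns every credential with an expiry time.

```python
import secrets
import time


class VaultUnavailable(Exception):
    """Raised by the stand-in vault when it cannot be reached."""


class FakeVault:
    """In-memory stand-in for a vault (hypothetical, not a real client API)."""

    def __init__(self, ttl=60.0):
        self.ttl, self.up, self.audit = ttl, True, []

    def issue(self, service, path, now):
        if not self.up:
            raise VaultUnavailable(path)
        self.audit.append((now, service, path))  # every read leaves an audit entry
        return {"value": secrets.token_hex(16), "issued_at": now,
                "expires_at": now + self.ttl}


class SecretCache:
    """Holds one short-lived credential and rotates it before the lease ends."""

    def __init__(self, vault, service, path, refresh_at=0.5, clock=time.monotonic):
        self.vault, self.service, self.path = vault, service, path
        self.refresh_at, self.clock, self.lease = refresh_at, clock, None

    def _due(self, now):
        lease = self.lease
        life = lease["expires_at"] - lease["issued_at"]
        return now >= lease["issued_at"] + life * self.refresh_at

    def get(self):
        now = self.clock()
        if self.lease is None or self._due(now):
            try:
                self.lease = self.vault.issue(self.service, self.path, now)
            except VaultUnavailable:
                # Vault outage: keep the current credential only while its
                # lease is still valid; never hand out an expired secret.
                if self.lease is None or now >= self.lease["expires_at"]:
                    raise
        return self.lease["value"]


if __name__ == "__main__":
    cache = SecretCache(FakeVault(ttl=2.0), "orders", "db/creds")
    print("lease reused:", cache.get() == cache.get())
```

Rotating at half the lease lifetime leaves the other half as headroom for a vault outage; once the lease has expired the service fails closed rather than reusing a stale credential.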