Security by Design Never Share Secrets Between Stages Rotate Secrets Frequently Automate Key Rotation Audit Trails Encrypted at Rest TLS Everywhere MFA Everywhere Password-based security is not sufficient. Too many passwords have been compromised over the years and aggregated as part of massive rainbow tables which make password cracking much more effective. Othertimes, users simply share passwords with eachother and forget to change them. The best wat to mitigate the usefulness of a credential (e.
This is a companion discussion topic for the original entry at https://docs.cloudposse.com/tags/secrets/