Secrets management centralizes storage and access to API keys, passwords, certificates, and tokens — providing access control, audit logs, rotation, and dynamic short-lived credentials.
HashiCorp Vault is the dominant open-source secrets manager. AWS Secrets Manager, Azure Key Vault are cloud-native options. Dynamic secrets (generated on demand, short-lived) are more secure than static credentials. Never store secrets in code or environment variables.