Term · 27. Emerging Categories 2024-2026
Secrets Vaulting
Definition
Sub-discipline of Secrets Management focused on cryptographically secure storage and retrieval of machine credentials. A vault typically uses HSM-backed master keys, encryption at rest, sealing/unsealing protocols (Shamir's Secret Sharing), and fine-grained ACL policies. Distinct from secrets rotation, distribution, and lifecycle workflows, which constitute the broader Secrets Management discipline.
Synonyms
- Secret vaulting
- Centralised secrets storage
Application
- Regulatory: OWASP NHI Top 10 (2025) / SAMM
Standards & regulations
- OWASP
Related terms
- Secrets Management (SM): Centralized lifecycle management of API keys, database passwords, certificates, OAuth client secrets, encryption keys, a …
- Short-Lived Credentials: Authentication tokens with brief lifetime (minutes to hours) instead of long-lived secrets (months to years). Foundation …
- Non-Human Identity (NHI): Identities for service accounts, API keys, OAuth client secrets, machine certificates, workload identities (AWS IAM role …
- Service Account (SA): Non-human account used by applications, services, or scheduled tasks to authenticate to other systems. Common categories …
- Technical Account (TA): Generic term for non-human accounts used for system-to-system communication — synonymous with service account in many co …
- AI Agent Credential Lifecycle Management: Specialised lifecycle workflows for AI agent credentials — provisioning short-lived tokens scoped to specific tasks, rot …