Compliance
Key management and KMS policy
Secrets should be managed outside application code and rotated under a clear operational policy.
Required controls
- • Managed secret store or vault
- • Encryption-at-rest for databases, object storage, and backups
- • Defined key rotation cadence
- • Immediate revocation path for compromised credentials
- • Restricted access to production secrets