Secrets handling
Secrets given by user
User secrets, such as passwords, must only be stored in hashed form and must never be logged. PII should be encrypted.
Secrets used by infrastructure
Secrets such as credentials for a database, a third-party service, etc. must be handled by a secret manager.