Secrets handling

Secrets given by user

User secrets, such as passwords, must only be stored in hashed form and must never be logged. PII should be encrypted.

Secrets used by infrastructure

Secrets such as credentials for a database, a third-party service, etc. must be handled by a secret manager.