Secrets Management: definition
Secrets management is a set of processes, policies, and technical mechanisms used to securely create, store, distribute, rotate, use, and revoke sensitive authentication data. Secrets include, among other things, passwords, API keys, encryption keys, certificates, access tokens, service account data, and credentials for databases and file systems. From a standards and compliance perspective, it forms part of the broader domain of identity management, access control, and cryptography, as described in ISO/IEC 27001:2022, ISO/IEC 27002:2022, NIST SP 800-57 Part 1 Rev. 5 (2020), and NIST SP 800-63B (2020).
In the context of photo and video anonymization, secrets management has very practical importance. A system for automatically detecting and blurring faces and license plates typically relies on multiple technical secrets. These may include encryption keys for storage media, credentials for AI model repositories, TLS certificates for the admin panel, access credentials for task queueing services, container image registries, backups, or identity management systems. If a secret is exposed, the risk affects more than just infrastructure. It can also lead to unauthorized access to source materials containing people’s faces and license plate numbers, which means access to personal data processed before anonymization.
For a Data Protection Officer, the key point is that secrets management is not just an administrative add-on. It is one of the security measures implemented in line with Article 5(1)(f), Article 25, and Article 32 of the GDPR. In practice, it determines whether photo and video anonymization takes place in a controlled environment, with least-privilege access and reduced incident impact.
The role of secrets management in photo and video anonymization
In systems that process images and video, a secret is not an end in itself. It is a safeguard that protects successive stages of working with files, AI models, and anonymization outputs. This applies to both on-premises deployments and hybrid environments. In the case of Gallio PRO, this is especially important because the software operates in the privacy protection space and automates the blurring of faces and license plates.
In a typical processing pipeline, material may go through file import, frame decoding, face and license plate detection, blur application, saving the output version, and deleting data after the retention period ends. Secrets are used at several of these stages:
- access secrets for file storage containing source and output materials,
- encryption keys for data at rest and in transit,
- service account credentials used to run the processing pipeline,
- certificates for authenticating internal services,
- secrets used to sign session tokens for operators and administrators,
- credentials for backup systems and model repositories.
If secrets management is handled incorrectly, an operator may not be able to demonstrate who accessed the source material, when they accessed it, and on what basis. In practice, this undermines accountability. This is particularly important when material contains personal data before anonymization, and when face or license plate blurring is performed in batch mode rather than in real time.
Technologies used in secrets management
Secrets management can be implemented at several levels. The foundation is a dedicated secrets vault or centralized secret store with access control, usage auditing, and rotation. In environments with higher security requirements, hardware security modules and key management systems are also used. Their role is to protect key material and limit direct administrator access to master keys.
In practice, the following technical approaches are commonly used:
- Vault or centralized secret store - stores secrets, issues them to processes after authentication, and enforces access policies.
- KMS - Key Management Service - manages cryptographic keys, often with envelope encryption capabilities.
- HSM - Hardware Security Module - protects keys in a tamper-resistant device. Security requirements for cryptographic modules are defined in FIPS 140-3, published by NIST in 2019.
- PKI and X.509 certificates - used for service authentication and connection encryption.
- Just-in-time credentials - short-lived credentials issued for the duration of a task instead of permanent passwords.
- Secret injection - delivering a secret to a process at runtime without storing it in source code or the container image.
In AI systems that process images, secrets should not be embedded in models, repository configuration files, or batch scripts. This also applies to pipelines that use deep learning models for face detection. Deep learning itself is necessary to build and run models that detect objects in images, but model security and secret security are two separate areas. The model is responsible for detection effectiveness, while secrets management is responsible for controlling access to data and infrastructure.
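One way to apply secret injection and keep literal secrets out of pipeline configuration, shown as an added example (not code from the original page or from any product it mentions). The environment variable name, the configuration keys, and the key-name heuristic are assumptions made for illustration.

```python
import os
import stat
import tempfile

SECRET_FILE_ENV = "STORAGE_KEY_FILE"  # hypothetical variable set by the orchestrator
SUSPECT = ("password", "secret", "token", "api_key", "private_key")  # heuristic


def find_inline_secrets(config, prefix=""):
    """Return dotted paths of config keys that hold a literal secret value."""
    hits = []
    for key, value in config.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            hits.extend(find_inline_secrets(value, path))
        elif any(word in key.lower() for word in SUSPECT):
            # "<name>_file" entries only point at an injected file, so they pass.
            if not key.lower().endswith("_file"):
                hits.append(path)
    return hits


def load_injected_secret(environ=None):
    """Read the secret from the file injected at runtime; refuse loose modes."""
    environ = os.environ if environ is None else environ
    secret_path = environ.get(SECRET_FILE_ENV)
    if not secret_path:
        raise RuntimeError(f"{SECRET_FILE_ENV} is not set: nothing was injected")
    mode = stat.S_IMODE(os.stat(secret_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{secret_path} is open to group/other: {oct(mode)}")
    with open(secret_path, encoding="utf-8") as handle:
        return handle.read().strip()


def demo():
    """Constructed config and a temporary file standing in for the injected secret."""
    config = {
        "storage": {"endpoint": "https://storage.example.internal",
                    "secret_key_file": "/run/secrets/storage_key"},
        "queue": {"host": "queue.example.internal", "password": "constructed-literal"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "storage_key")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("constructed-sample-value\n")
        os.chmod(path, 0o600)
        secret = load_injected_secret({SECRET_FILE_ENV: path})
    return find_inline_secrets(config), secret
```

Calling `demo()` flags `queue.password` as an embedded literal while accepting the `secret_key_file` reference, and reads the injected value only because the file is restricted to its owner.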
Key secrets management parameters and metrics
Assessing the maturity of secrets management requires measurable parameters. For photo and video anonymization environments, the most important metrics are those related to data exposure, response time, and access control. Some indicators are organizational, while others are strictly technical.
| Parameter | Meaning | Example interpretation |
|---|---|---|
| Secret TTL | Secret lifetime | The shorter the TTL for task credentials, the lower the impact of a leak |
| Rotation MTTR | Time needed to replace a compromised secret | A low MTTR reduces the abuse window after an incident |
| Rotation coverage | Percentage of secrets covered by automatic rotation | 100% for service accounts is a more mature target than manual rotation |
| Permission granularity | Level of precision in granting access | Separate secrets for file import, processing, and result export |
| Secret retrieval latency | Time required for a service to obtain a secret | Excessive latency can slow down batch video processing |
| Auditability | Ability to attribute secret usage to an identity and event | Important for accountability and incident analysis |
For risk analysis, the following simple supporting relationship can be used:
Secret exposure = validity period × scope of privileges × number of resources accessible with the secret
This is not a normative formula, but it is a useful comparison method. In practice, the most dangerous secrets are long-lived ones with broad privileges and access to multiple source material repositories.
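The relationship above applied to just-in-time credentials, as an added example that is not from the original page: a task credential is bound to one stage, one resource and an expiry, and the same comparison is computed for a long-lived shared key. The HMAC token layout, the stage names and the figures are assumptions made for illustration, not the format of any vault product.

```python
import base64
import hashlib
import hmac
import json
import time

STAGES = ("import", "process", "export")  # one credential scope per pipeline stage


def issue(key, stage, resource, ttl_seconds, now=None):
    """Mint a task credential bound to one stage, one resource and an expiry."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage: {stage}")
    now = time.time() if now is None else now
    claims = {"stage": stage, "res": resource, "exp": now + ttl_seconds}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify(key, token, stage, resource, now=None):
    """Accept only an untampered, unexpired token for this exact stage and resource."""
    now = time.time() if now is None else now
    body, sep, tag = token.partition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(tag, expected):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body))
    return (claims["stage"], claims["res"]) == (stage, resource) and now < claims["exp"]


def exposure(validity_hours, privileges, resources):
    """The page's comparison: validity period x privilege scope x resources."""
    return validity_hours * privileges * resources


def compare():
    """Constructed figures: a one-year shared key versus a 15-minute task credential."""
    static_key = exposure(24 * 365, privileges=3, resources=4)  # all stages, 4 stores
    task_cred = exposure(0.25, privileges=1, resources=1)       # one stage, one store
    return static_key, task_cred, static_key / task_cred
```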
Challenges and limitations of secrets management
Effective secrets management does not eliminate every threat. It does, however, reduce their scale and make response easier. In image processing environments, one common challenge is the distribution of components across operator workstations, processing servers, file repositories, backups, and administrative tools. Each of these elements may require its own access model.
The most common problems are as follows:
- secrets stored in scripts, configuration files, or command history,
- no separation between test and production environments,
- overprivileged service accounts,
- no rotation after staff changes or following an incident,
- insufficient auditing of secret usage,
- integration difficulties with legacy systems.
In the context of anonymizing visual materials, it is also important to distinguish secrets from personal data. A secret is not personal data in itself, but its disclosure may enable access to photos and recordings containing faces or license plates. That is why risk assessment should cover both the cryptographic layer and the image processing workflow itself.
Standards references and compliance practice
Secrets management should be linked to specific security requirements, not treated solely as an administrative best practice. In environments processing photos and recordings for anonymization, the most relevant standards are those covering access control, cryptography, event logging, and vulnerability management.
- GDPR - Regulation (EU) 2016/679, in particular Article 25 and Article 32 - data protection by design and by default, and security of processing.
- ISO/IEC 27001:2022 - information security management system.
- ISO/IEC 27002:2022 - guidance on security controls, including access control and the use of cryptography.
- NIST SP 800-57 Part 1 Rev. 5, 2020 - recommendations for cryptographic key management.
- NIST SP 800-63B, 2020 - requirements for authentication and authenticator secrets.
- FIPS 140-3, 2019 - security requirements for cryptographic modules.
- OWASP Secrets Management Cheat Sheet - a practical, non-normative document, but widely used as an implementation reference point.
In compliance practice, it is also important that an anonymization system does not collect excessive logs containing personal data. If a solution does not store logs from face and license plate detection and does not retain personal data in administrative logs, this reduces the amount of supporting data that would also need to be protected and retained.