ASVS Requirement 13.3.1
- Level: 2
- Chapter: V13 Configuration
- Section: V13.3 Secret Management
- Source: 0x22-V13-Configuration.md
Description
Verify that a secrets management solution, such as a key vault, is used to securely create, store, control access to, and destroy backend secrets. These could include passwords, key material, integrations with databases and third-party systems, keys and seeds for time-based tokens, other internal secrets, and API keys. Secrets must not be included in application source code or included in build artifacts. For an L3 application, this must involve a hardware-backed solution such as an HSM.
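One way to check the "not included in build artifacts" clause is to scan the packaged artifact before release. The following is an added example, not part of ASVS: a heuristic scanner for zip-format artifacts (zip, wheel, jar). Its detection rules, the entropy threshold, the `get_secret` name and the sample archive are assumptions constructed for illustration.

```python
import io
import math
import re
import zipfile

# Heuristic rules (assumptions for this example, not an exhaustive rule set).
RULES = {
    "private-key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}
# Quoted literal assigned to a name that suggests a secret.
ASSIGN = re.compile(
    rb"(?i)\b([\w.-]*(?:password|passwd|secret|api[_-]?key|token)[\w.-]*)"
    rb"\s*[:=]\s*[\"']([^\"'\s]{8,})[\"']"
)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    counts = {b: data.count(b) for b in set(data)}
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def scan_artifact(blob: bytes, min_entropy: float = 3.0):
    """Return sorted (member, line_no, rule) findings for a zip-format artifact."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            for no, line in enumerate(zf.read(info).splitlines(), 1):
                for rule, rx in RULES.items():
                    if rx.search(line):
                        findings.add((info.filename, no, rule))
                for m in ASSIGN.finditer(line):
                    # Skip low-entropy placeholders such as "xxxxxxxx".
                    if entropy(m.group(2)) >= min_entropy:
                        findings.add((info.filename, no, "hardcoded-credential"))
    return sorted(findings)

def build_sample() -> bytes:
    """Constructed artifact: two files with embedded secrets, one clean file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/settings.py", 'DEBUG = False\nDB_PASSWORD = "q7!Lx92#vTz0pR"\n')
        # AWS's published documentation example key ID, not a live credential.
        zf.writestr("app/deploy.env", "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n")
        # get_secret is a hypothetical vault lookup; it must not be flagged.
        zf.writestr("app/config.py", 'DB_PASSWORD = get_secret("db/password")\n')
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_artifact(build_sample()):
        print(finding)
```

A clean scan only shows that these patterns are absent; it does not demonstrate that secrets are created, stored, access-controlled and destroyed through a vault, which the requirement also asks for.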