Secrets management is still a mess in 2026
5 mins
It is 2026. There are .env files committed to private repositories right now. There are passwords in Kubernetes Secret objects encoded as base64, which is not encryption, and someone on that team thinks it is. There are production credentials in a shared Bitwarden folder with twelve people’s access that nobody has audited since the last two people left.
Secrets management is a solved problem in the sense that we know what good looks like. It’s an unsolved problem in the sense that most teams aren’t doing it.