Essentials of Secrets: Workshop
RCCE students will learn secrets management including credential vaulting, dynamic secrets, secret rotation, access policies, and secret sprawl prevention. RCCE students will learn to deploy and operate secrets management platforms like HashiCorp Vault, manage database credentials, API keys, certificates, and encryption keys centrally, implement dynamic secrets that are generated on-demand and expire automatically, configure automatic secret rotation, enforce access policies for secret retrieval, detect and remediate secret sprawl across repositories and configuration files, audit secret access, and respond to incidents involving leaked or compromised credentials. This essentials course covers the core knowledge needed to operate competently in this domain. Starting from foundational concepts, RCCE students will learn the fundamental concepts, terminology, risks, and defenses that form the foundation for all further study and professional practice. Students build a solid knowledge base that prepares them for more advanced courses and real-world security responsibilities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Essentials of Secrets: Workshop
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for what are secrets?
- Execute hands-on tasks for why secrets management matters
- Execute hands-on tasks for consequences of poor secrets management — covering Unauthorized access to production systems.
- Execute hands-on tasks for the secret lifecycle
- Execute hands-on tasks for rotation & revocation — covering Strong entropy sources.
- Execute hands-on tasks for understanding secret sprawl
- Execute hands-on tasks for source code — covering Hardcoded in application code.
- Execute hands-on tasks for config files — covering .env files in repos, Pipeline env variables.
- Execute hands-on tasks for ci/cd pipelines — covering Pipeline env variables.
- Execute hands-on tasks for risk amplifiers
- Execute hands-on tasks for prevention strategies — covering Each copy is an additional attack surface, Centralized vault as single source.
| Module 01 | Learning Objectives |
| Module 02 | What Are Secrets? |
| Module 03 | Why Secrets Management Matters |
| Module 04 | Consequences of Poor Secrets Management |
| Module 05 | The Secret Lifecycle |
| Module 06 | Rotation & Revocation |
| Module 07 | Understanding Secret Sprawl |
| Module 08 | Source Code |
| Module 09 | Config Files |
| Module 10 | CI/CD Pipelines |
| Module 11 | Risk Amplifiers |
| Module 12 | Prevention Strategies |
| Module 13 | Credential Vaulting Concepts |
| Module 14 | Access Control |
All hands-on labs run on Rocheston Rose X OS. Students practice essentials of secrets: workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for learning objectives
- Lab 2: Execute hands-on tasks for what are secrets?
- Lab 3: Execute hands-on tasks for why secrets management matters
- Lab 4: Execute hands-on tasks for consequences of poor secrets management
- Lab 5: Execute hands-on tasks for the secret lifecycle
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Essentials of Secrets: Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI