A secrets manager stores sensitive credentials — API keys, passwords, certificates, tokens — centrally and encrypted. Applications retrieve secrets at runtime via an API instead of embedding them in configuration files or source code. This eliminates hard-coded credentials, which are one of the most common entry points for attackers. Popular solutions include HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault. You should configure access policies, rotation, and audit logging. In an ISMS, a secrets manager is a control for access security and cryptography management.