Terminology

Store

Where secrets are stored. Locksmith does not store any literal secret strings in its database for security reasons and relies on secure-by-design external services.

Provider

A source of secrets like Entra ID or Apple. In Entra's case, they are generated by the service and must be used by the application. In Apple's case, the certificate is used by Locksmith to generate a JSON Web Token (JWT).

Receiver

Where a secret could be pushed to after rotation.

Rotation

The act of creating a new secret in the provider. This could happen due to a security incident or expiration, and is what Locksmith seeks to automate.