Secrets inventory
This document is intentionally internal-only.
Lists every credential type, where it's stored, and rotation cadence. Publishing this hands an attacker an inventory of credentials worth phishing or extracting. We disclose summary commitments (rotation ≤ 90d) on /security but never the inventory itself.
What we can share
Customer security reviews receive a summary of the controls described in this document via the HECVAT response. To request the relevant summary, contact [email protected].