---
description: Olares secrets management system principles, detailing vault items, credentials, secrets and integration credentials classification. Explains sensitive data storage strategies.
---
# Secrets

Olares categorizes secrets based on usage scenarios and employs various management techniques.

|             | Data Type                                                                                                | Storage Location                    | Leak Risk                                                                       | Usage                                                                                                                  |
|-------------|----------------------------------------------------------------------------------------------------------|-------------------------------------|---------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|
| Vault items | Includes website and <br/>database passwords, <br/>blockchain private <br/>keys, etc.                    | Vault                               | Encrypted data in Olares ensures that third parties cannot view even upon logging in | Each use requires a signature from LarePass                                                                            |
| Credentials | System access <br/>credentials obtained<br/> post-secure<br/> authentication:<br/> Tokens, Cookies, etc. | [Infisical](https://infisical.com/) | Viewable by third parties post-authentication in Olares by following specific steps | Available to applications through an API after obtaining Provider permissions                                          |
| Secret      | Sensitive data used<br/> in Pod containers,<br/> like database <br/>connections and <br/> admin accounts       | ETCD                                | Directly visible in [Control Hub](../../manual/olares/controlhub/manage-workload)                                       | Used in Helm deployment templates; secret values are injected into environment variables via valueFrom -> secretKeyRef |

## Integration credential 

Users can enable applications within Olares to access external service credentials by logging into third-party service accounts through Settings. Examples include:

- Logging in to Olares Space allows the backup service to request tokens for automated backend backups.
- Logging into Google enables Files to synchronize with data from Google Drive.

Applications in Olares can retrieve these third-party service credentials via the [Service Provider](../develop/advanced/provider.md).

## Application credential

- Applications within Olares can manage and utilize [credentials](../develop/advanced/secret.md) via system-provided interfaces.
- Credentials generated by an application are exclusively restricted to that application's use.