Hello, everyone.

I was reading all of the arguments and consolidating my thoughts based on the ones that were presented. Here goes my humble contribution.

Answering the last question, whether application credentials meet this need, I'd say potentially YES. Considering all the features that AppCreds (for short) bring to the game, such as:

1. Enforcing Least Privilege.
2. Providing Revocation and Rotation.
3. Enabling Improved Auditability.
4. And addressing Service Authentication.

I'd say it helps a lot in this sense. Remembering that AppCreds are an authentication mechanism, not a secrets storage solution...

In this topic (protection of secrets), the argument that the privilege escalation to root on a specific system/host undermines the need to protect sensitive data, such as secrets, is absolutely obsolete. We have to have a strong way to protect the keys that encrypt the secrets, to prevent an attacker who successfully escalates privileges to root on an owned system from accessing such sensitive data and potentially compromising other systems.

Just to mention two de facto standards that touch this point, we have NIST Special Publication 800-53 [1] and ENISA NIS 2 directive [2].

Defense in Depth must always come to the discussion no matter what.

Best regards,
Mauricio

[1] https://csrc.nist.gov/pubs/sp/800/53/r5/final
[2] https://www.enisa.europa.eu/publications/nis2-technical-implementation-guida...