Code Room
System design, Hard, sd-g614
Subject: Secrets management security
Level: Senior–Staff
~50 min
Common in Security interviews
Industries: Technology

Question

Design a secrets-management system (a vault) for an org with 8,000 microservices that must store and broker access to database credentials, API keys, and TLS private keys. It must support dynamic, short-lived database credentials minted on demand, audited access, and a master-key seal so that even root DB compromise of the vault's own store yields only ciphertext. Peak is ~50k secret reads/sec, p99 under 20ms, and a leaked secret must be revocable fleet-wide in seconds. Cover storage, the encryption/trust model, dynamic secrets, and rotation.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
