diff --git a/knowledge base/cloud computing/aws/README.md b/knowledge base/cloud computing/aws/README.md
index da6cb68..0fa4427 100644
--- a/knowledge base/cloud computing/aws/README.md	
+++ b/knowledge base/cloud computing/aws/README.md	
@@ -227,6 +227,7 @@ One can can rapidly remapping addresses to other instances in one's account and
 | [Route53]                     | DNS                                           |
 | [S3]                          | Storage                                       |
 | [Sagemaker]                   | Machine learning                              |
+| [Secrets Manager]             | Secrets management                            |
 | [Security Hub]                | Aggregator for security findings              |
 | [SNS]                         | Pub/sub message delivery                      |
 | [SQS]                         | Queues                                        |
@@ -895,6 +896,7 @@ machine if not.
 [route53]: route53.md
 [s3]: s3.md
 [sagemaker]: sagemaker.md
+[secrets manager]: secrets%20manager.md
 [sns]: sns.md
 [sqs]: sqs.md
 
diff --git a/knowledge base/cloud computing/aws/secrets manager.md b/knowledge base/cloud computing/aws/secrets manager.md
new file mode 100644
index 0000000..7bc0687
--- /dev/null
+++ b/knowledge base/cloud computing/aws/secrets manager.md	
@@ -0,0 +1,74 @@
+# AWS Secrets Manager
+
+AWS' native secrets management service.
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+Provides integration with the AWS ecosystem and has automatic rotation capabilities specifically designed for AWS
+services.
+
+Offers precise access control to each secret via fine-grained IAM permissions with resource-based policies.<br/>
+Supports VPC endpoints to enables private network access without the need for Internet routing. Optimal for air-gapped
+or highly secure environments.<br/>
+Critical secrets can be replicated cross-region.
+
+Costs $0.40 per secret per month, plus $0.05 per 10,000 API calls.<br/>
+Secrets that are marked for deletion are not paid for.
+
+Secrets Manager uses keys from KMS to encrypt the secrets it manages.<br/>
+On first use, Secrets Manager creates the AWS-managed key `aws/secretsmanager` to encrypt the secrets given to it. There
+is **no** cost for using this key.<br/>
+When _automatic_ rotation is turned on for a secret, Secrets Manager uses a Lambda function to rotate it. The use of the
+Lambda function is charged at the current Lambda rate.
+The rotation function is **not** called for secrets using _managed_ rotation.
+
+Logs of the API calls that Secrets Manager sends out are sent to CloudTrail, if it is enabled. Costs for CloudTrail are
+**in addition** to the ones incurred by using Secrets Manager.
+
+```sh
+aws secretsmanager create-secret --name 'TestSecretFromFile' --secret-string 'file://gcp_credentials.json'
+aws secretsmanager create-secret \
+  --name 'MyTestSecret' --description 'A test secret created with the CLI.' \
+  --secret-string '{"user":"diego","password":"EXAMPLE-PASSWORD"}' \
+  --tags '[{"Key": "FirstTag", "Value": "FirstValue"}, {"Key": "SecondTag", "Value": "SecondValue"}]'
+```
+
+Secrets can be any text or binary up to 65536 bytes (64KB).<br/>
+Should one want to automatically rotate them, they must contain the specific JSON fields that the rotation function
+expects. Refer the [JSON structure of AWS Secrets Manager secrets].
+
+Secret have versions that hold copies of their encrypted value.<br/>
+When changing the secret value, or when the secret is rotated, Secrets Manager creates a new version and serves that by
+default. The old version is kept (up to a point), but not accessed unless specifically requested.
+
+One can access a secret across multiple Regions by replicating it.<br/>
+When replicating a secret, Secrets Manager creates a copy of the original (A.K.A. _primary_) secret. That copy is known
+as a _replica_ secret.<br/>
+The replica secret remains linked to the primary secret, and is updated when a new version of the primary is created.
+
+Secrets Manager uses [IAM] to allow only authorized users to access or modify a secret.
+
+_Managed_ secrets are created and managed by the AWS service that created them.<br/>
+The managing service might also restrict users from updating secrets, or deleting them without a recovery period.<br/>
+Managed secrets use a naming convention that includes the ID of the service managing them.
+
+## Further readings
+
+### Sources
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+[IAM]: iam.md
+
+<!-- Upstream -->
+<!-- Others -->
+[JSON structure of AWS Secrets Manager secrets]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html
diff --git a/knowledge base/grafana.md b/knowledge base/grafana.md
index 4b61ecb..9110734 100644
--- a/knowledge base/grafana.md	
+++ b/knowledge base/grafana.md	
@@ -337,7 +337,7 @@ All the references in the [further readings] section, plus the following:
 [further readings]: #further-readings
 
 <!-- Knowledge base -->
-[Hashicorp Vault]: vault.md
+[HashiCorp Vault]: hashicorp%20vault.md
 [loki]: loki.md
 [prometheus]: prometheus/README.md
 
diff --git a/knowledge base/vault.md b/knowledge base/hashicorp vault.md
similarity index 81%
rename from knowledge base/vault.md
rename to knowledge base/hashicorp vault.md
index 2f6926b..a0b604d 100644
--- a/knowledge base/vault.md	
+++ b/knowledge base/hashicorp vault.md	
@@ -1,6 +1,4 @@
-# Hashicorp Vault
-
-## Table of contents <!-- omit in toc -->
+# HashiCorp Vault
 
 1. [TL;DR](#tldr)
 1. [Further readings](#further-readings)
@@ -38,11 +36,16 @@ vault read -format 'json' 'secret/data/demo-app/config'
 
 ## Further readings
 
-- [HashiCorp Vault]
+- [Website]
+- [Secrets management]
 
 <!--
-  References
+  Reference
+  ═╬═Time══
   -->
 
+<!-- Knowledge base -->
+[Secrets management]: secrets%20management.md
+
 <!-- Upstream -->
-[hashicorp vault]: https://www.vaultproject.io/
+[Website]: https://www.vaultproject.io/
diff --git a/knowledge base/infisical.md b/knowledge base/infisical.md
new file mode 100644
index 0000000..fb50e48
--- /dev/null
+++ b/knowledge base/infisical.md	
@@ -0,0 +1,72 @@
+# Infisical
+
+Open-source platform for [secrets management], PKI, and SSH access.<br/>
+Centralizes application configuration, secrets and credentials management, and PKI management.
+
+1. [TL;DR](#tldr)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+_Identities_ are user or machine accounts. Each of them gets assigned sets of roles and permissions.<br/>
+They can manage secrets in _clients_ after whey verified themselves through authentication.
+
+_Clients_ are Infisical-developed tools for managing secrets in various infrastructure components.
+
+<!-- Uncomment if used
+<details>
+  <summary>Setup</summary>
+
+```sh
+```
+
+</details>
+-->
+
+<!-- Uncomment if used
+<details>
+  <summary>Usage</summary>
+
+```sh
+```
+
+</details>
+-->
+
+<!-- Uncomment if used
+<details>
+  <summary>Real world use cases</summary>
+
+```sh
+```
+
+</details>
+-->
+
+## Further readings
+
+- [Website]
+- [Codebase]
+- [Secrets management]
+
+### Sources
+
+- [Documentation]
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+[Secrets management]: secrets%20management.md
+
+<!-- Files -->
+<!-- Upstream -->
+[codebase]: https://github.com/Infisical/infisical
+[documentation]: https://infisical.com/docs
+[website]: https://infisical.com/
+
+<!-- Others -->
diff --git a/knowledge base/jargon.md b/knowledge base/jargon.md
index c4b0f76..d114e9d 100644
--- a/knowledge base/jargon.md	
+++ b/knowledge base/jargon.md	
@@ -69,6 +69,7 @@
 | HPC     | High Performance Computing                             | Collections of systems and tools used to achieve a greater processing capacity than the single unit |
 | IaC     | [Infrastructure as Code][iac]                          |                                                                                                     |
 | IC      | Integrated Circuit                                     |                                                                                                     |
+| IDP     | Internal Developer Platform                            |                                                                                                     |
 | IIRC    | If I Remember/Recall Correctly                         |                                                                                                     |
 | IoT     | Internet of Things                                     | Also see [LoRa]                                                                                     |
 | IP      | Internet Protocol                                      |                                                                                                     |
diff --git a/knowledge base/openssl.md b/knowledge base/openssl.md
index 373bdcc..7c9d903 100644
--- a/knowledge base/openssl.md	
+++ b/knowledge base/openssl.md	
@@ -125,8 +125,10 @@ $ openssl req -x509 -out 'cert.pem' \
   -newkey 'rsa:4096' -keyout 'key.pem' -days '365' -nodes \
   -subj "/C=NL/ST=Nederlands/L=Amsterdam/O=Mek Net/OU=Org/CN=mek.info"
 Generating a 4096 bit RSA private key
-..............................................................................................................................................................................................................................++
-...........................................................................................................................................................................++
+........................................................................................................................
+......................................................................................................++
+........................................................................................................................
+...................................................++
 writing new private key to 'key.pem'
 -----
 
@@ -220,6 +222,7 @@ See [code 20](#code-20-unable-to-get-local-issuer-certificate).
 - [Verify certificate chain with OpenSSL]
 - [How to put domain correctly in CSR?]
 - [OpenSSL command cheatsheet]
+- [The Only OpenSSL CheatSheet You Will Need!]
 
 <!--
   Reference
@@ -236,4 +239,5 @@ See [code 20](#code-20-unable-to-get-local-issuer-certificate).
 [openssl commands to check and verify your ssl certificate, key and csr]: https://www.ibm.com/support/pages/openssl-commands-check-and-verify-your-ssl-certificate-key-and-csr
 [openssl unable to verify the first certificate for experian url]: https://stackoverflow.com/questions/7587851/openssl-unable-to-verify-the-first-certificate-for-experian-url
 [the most common openssl commands]: https://www.sslshopper.com/article-most-common-openssl-commands.html
+[The Only OpenSSL CheatSheet You Will Need!]: https://www.golinuxcloud.com/openssl-cheatsheet
 [verify certificate chain with openssl]: https://www.itsfullofstars.de/2016/02/verify-certificate-chain-with-openssl/
diff --git a/knowledge base/pulumi.md b/knowledge base/pulumi.md
index 383c048..7b14d73 100644
--- a/knowledge base/pulumi.md	
+++ b/knowledge base/pulumi.md	
@@ -1,23 +1,26 @@
 # Pulumi
 
 1. [TL;DR](#tldr)
-1. [Project](#project)
-1. [Program](#program)
+1. [Projects](#projects)
+1. [Programs](#programs)
    1. [Ignore changes](#ignore-changes)
    1. [Delete before replacing](#delete-before-replacing)
    1. [Assign tags to resources by default](#assign-tags-to-resources-by-default)
    1. [Outputs](#outputs)
    1. [Policy enforcement](#policy-enforcement)
-1. [Stack](#stack)
+1. [Stacks](#stacks)
    1. [Monolith vs micro-stack](#monolith-vs-micro-stack)
-   1. [State](#state)
-   1. [Configuration](#configuration)
-1. [Backend](#backend)
+   1. [States](#states)
+   1. [Configurations](#configurations)
+1. [Backends](#backends)
    1. [Enforce specific backends for projects](#enforce-specific-backends-for-projects)
    1. [Migrate to different backends](#migrate-to-different-backends)
-1. [Compose resources](#compose-resources)
-1. [Import resources](#import-resources)
+1. [Composing resources](#composing-resources)
+1. [Importing resources](#importing-resources)
    1. [Import components and their children](#import-components-and-their-children)
+1. [Pulumi Cloud](#pulumi-cloud)
+   1. [ESC](#esc)
+   1. [IDP](#idp)
 1. [Troubleshooting](#troubleshooting)
    1. [A project with the same name already exists](#a-project-with-the-same-name-already-exists)
    1. [Assume role with MFA enabled but AssumeRoleTokenProvider session option not set](#assume-role-with-mfa-enabled-but-assumeroletokenprovider-session-option-not-set)
@@ -27,18 +30,18 @@
    1. [Stack init fails due to missing scheme](#stack-init-fails-due-to-missing-scheme)
    1. [Stack init fails due to invalid key identifier](#stack-init-fails-due-to-invalid-key-identifier)
 1. [Further readings](#further-readings)
-   1. [Sources](#sources)
+    1. [Sources](#sources)
 
 ## TL;DR
 
-| Concept         | ELI5 summary                                               | Notes                                                                                |
-| --------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------ |
-| [Project]       | Any folder that contains a `Pulumi.yaml` file              | Collection of code                                                                   |
-| [Program]       | The code in a project                                      | Defines resources                                                                    |
-| [Stack]         | An isolated, independent instance of a _program_           | Has its own _configuration_ and _state_<br/>Usually defines an environment or branch |
-| [Configuration] | The specific data used in a _stack_                        | Each _stack_ has its own _configuration_                                             |
-| [State]         | Metadata about resources in a _stack_                      | Each _stack_ has its own _state_                                                     |
-| [Backend]       | Storage place for one or more _projects_' sets of _states_ |                                                                                      |
+| Concept             | ELI5 summary                                               | Notes                                                                                |
+| ------------------- | ---------------------------------------------------------- | ------------------------------------------------------------------------------------ |
+| [Project][projects] | Any folder that contains a `Pulumi.yaml` file              | Collection of code                                                                   |
+| [Program][programs]           | The code in a project                                      | Defines resources                                                                    |
+| [Stack][stacks]             | An isolated, independent instance of a _program_           | Has its own _configuration_ and _state_<br/>Usually defines an environment or branch |
+| [Configuration][configurations]     | The specific data used in a _stack_                        | Each _stack_ has its own _configuration_                                             |
+| [State][states]             | Metadata about resources in a _stack_                      | Each _stack_ has its own _state_                                                     |
+| [Backend][backends]           | Storage place for one or more _projects_' sets of _states_ |                                                                                      |
 
 When a stack is not explicitly requested in a command (`-s`, `--stack`), Pulumi defaults to the currently selected
 one.<br/>
@@ -511,9 +514,9 @@ Learning resources:
 - [Code examples]
 - [Resources reference]
 
-## Project
+## Projects
 
-Refer to [projects] for more and updated information.
+Refer [Project][pulumi projects] for more and updated information.
 
 Projects are collections of code.<br/>
 Namely, they are the folders containing a `Pulumi.yaml` project file.<br/>
@@ -537,10 +540,10 @@ pulumi new 'kubernetes-yaml' --generate-only
 pulumi new 'oci-java'
 ```
 
-## Program
+## Programs
 
 Programs are the the files containing the resources' definitions.<br/>
-They are deployed into [stacks][stack].
+They are deployed into [stacks].
 
 ### Ignore changes
 
@@ -628,30 +631,30 @@ TODO
 
 See [Automatically Enforcing AWS Resource Tagging Policies], [Get started with Pulumi policy as code].
 
-## Stack
+## Stacks
 
-Refer to [stacks] for more and updated information.
+Refer [Stack][pulumi stack] for more and updated information.
 
-Single isolated, independent instance of a [program].<br/>
+Single isolated, independent instance of a [program][programs].<br/>
 Each stack has its own separate set of configuration and secrets, role-based access controls (RBAC), policies and
 resources.
 
 The stack name can be specified in one of these formats:
 
 - `stackName`: identifies the stack named `stackName` in the current user account or default organization.<br/>
-  Its [project] is specified by the nearest `Pulumi.yaml` project file.
+  Its [project][projects] is specified by the nearest `Pulumi.yaml` project file.
 - `orgName/stackName`: identifies the stack named `stackName` in the organization named `orgName`<br/>
-  Its [project] is specified by the nearest `Pulumi.yaml` project file.
+  Its [project][projects] is specified by the nearest `Pulumi.yaml` project file.
 - `orgName/projectName/stackName`: identifies the stack named `stackName` for the project named `projectName` in the
   organization named `orgName`.<br/>
   `projectName` must match the project specified by the nearest `Pulumi.yaml` project file.
 
-For self-managed [backends][backend], the `orgName` portion of the stack name must always be the constant string value
+For self-managed [backends], the `orgName` portion of the stack name must always be the constant string value
 `organization`.
 
 ### Monolith vs micro-stack
 
-Refer to [organizing pulumi projects & stacks] for more and updated information.
+Refer [Organizing pulumi projects & stacks] for more and updated information.
 
 Monoliths are single, big projects defining all the resources (infrastructure, application, others) for an entire set of
 services.<br/>
@@ -718,24 +721,23 @@ root/
         └── app/…
 ```
 
-### State
+### States
 
-Refer to [state] for more and updated information.
+Refer [State][pulumi state] for more and updated information.
 
-Every [stack] has its own state.
+Every [Stack][stacks] has its own state.
 
 States are stored in transactional snapshots called _checkpoints_ and are saved as JSON files.<br/>
 Pulumi records checkpoints early and often, so that it can execute similarly to how database transactions work.<br/>
-Checkpoints are stored in the [backend], under the `.pulumi/stacks/{project.name}` folder. See the
-[backend] section for details.
+Checkpoints are stored in the stack's [backend][backends], under the `.pulumi/stacks/{project.name}` folder.
 
-### Configuration
+### Configurations
 
 TODO
 
-## Backend
+## Backends
 
-Refer to [state] for more and updated information.
+Refer [State][pulumi state] for more and updated information.
 
 > Pulumi is designed to use only a single backend at a time.
 
@@ -760,7 +762,7 @@ The Pulumi Cloud backend records every checkpoint to allow to recover from exoti
 Self-managed backends may have more trouble recovering from these situations, as they typically store a single state
 file instead.
 
-Backends store the states of one or more [stacks][stack], divided by [project].
+Backends store the states of one or more [stacks], divided by [project][projects].
 Everything **but** the credentials for the backend (`~/.pulumi/credentials.json`) is stored in the backend's root
 directory, under the `.pulumi` folder:
 
@@ -881,9 +883,9 @@ backend:
    cat 'Pulumi.mario.yaml'
    ```
 
-## Compose resources
+## Composing resources
 
-FIXME: should this be under [Program]?
+FIXME: should this be under [Programs]?
 
 Refer [Component resources] and [Create a ComponentResource].
 
@@ -1166,9 +1168,9 @@ serviceRole.assumeRole.iamPolicy.name.apply(policyName => console.log(policyName
 
 </details>
 
-## Import resources
+## Importing resources
 
-FIXME: should this be under [Program] or [Stack]?
+FIXME: should this be under [Programs] or [Stacks]?
 
 Existing resources can be imported in Pulumi's states for Pulumi to manage.
 
@@ -1347,6 +1349,35 @@ $ pulumi preview
 
 </details>
 
+## Pulumi Cloud
+
+### ESC
+
+Environments, Secrets, and Configuration.
+
+Integrates with most popular secrets stores to pull and synchronize secrets and configuration data.
+
+Refer [Pulumi ESC][pulumi esc docs] for more and updated information.
+
+> [!important]
+> ESC is currently provided **exclusively** as part of Pulumi Cloud. One **will** need to create a Pulumi account to be
+> able to use it.
+
+### IDP
+
+Internal Developer Platform.
+
+Allows defining building blocks using [components][composing resources] and templates, enabling developers to provision
+infrastructure resources in the way that best suits them.<br/>
+Developers can write Pulumi programs in their preferred programming language, scaffold components using low-code YAML
+templates, or deploy no-code programs from the Pulumi console.
+
+Refer [Pulumi IDP][pulumi idp docs] for more and updated information.
+
+> [!important]
+> IDP is currently provided **exclusively** as part of the Enterprise tier of Pulumi Cloud. One **will** need to create
+> a Pulumi account to be able to use it.
+
 ## Troubleshooting
 
 ### A project with the same name already exists
@@ -1484,8 +1515,6 @@ Solution: Read [secrets], and fix the configuration by providing a correct key i
 ### Sources
 
 - [Documentation]
-- [Stacks]
-- [State]
 - [Assigning tags by default on AWS with Pulumi]
 - [Organizing Pulumi projects & stacks]
 - [Aligning Projects between Service and Self-Managed Backends]
@@ -1508,16 +1537,18 @@ Solution: Read [secrets], and fix the configuration by providing a correct key i
   -->
 
 <!-- In-article sections -->
-[backend]: #backend
-[configuration]: #configuration
-[enforce specific backends for projects]: #enforce-specific-backends-for-projects
-[monolith vs micro-stack]: #monolith-vs-micro-stack
-[program]: #program
-[project]: #project
-[stack]: #stack
+[Backends]: #backends
+[Configurations]: #configurations
+[Enforce specific backends for projects]: #enforce-specific-backends-for-projects
+[Monolith vs micro-stack]: #monolith-vs-micro-stack
+[Programs]: #programs
+[Projects]: #projects
+[Stacks]: #stacks
+[States]: #states
+[Composing resources]: #composing-resources
 
 <!-- Knowledge base -->
-[terraform]: terraform.md
+[Terraform]: terraform.md
 
 <!-- Files -->
 <!-- Upstream -->
@@ -1535,21 +1566,23 @@ Solution: Read [secrets], and fix the configuration by providing a correct key i
 [ignorechanges]: https://www.pulumi.com/docs/concepts/options/ignorechanges/
 [importing resources]: https://www.pulumi.com/docs/iac/adopting-pulumi/import/
 [organizing pulumi projects & stacks]: https://www.pulumi.com/docs/using-pulumi/organizing-projects-stacks/
-[projects]: https://www.pulumi.com/docs/concepts/projects/
 [property paths]: https://www.pulumi.com/docs/iac/concepts/miscellaneous/property-paths/
 [pulumi config set-all]: https://www.pulumi.com/docs/cli/commands/pulumi_config_set-all/
 [pulumi crosswalk for aws]: https://www.pulumi.com/docs/iac/clouds/aws/guides/
+[pulumi esc docs]: https://www.pulumi.com/docs/esc/
+[pulumi idp docs]: https://www.pulumi.com/docs/idp/
 [pulumi import]: https://www.pulumi.com/docs/iac/cli/commands/pulumi_import/
 [pulumi new]: https://www.pulumi.com/docs/cli/commands/pulumi_new/
 [pulumi preview]: https://www.pulumi.com/docs/iac/cli/commands/pulumi_preview/
+[pulumi projects]: https://www.pulumi.com/docs/concepts/projects/
+[pulumi stack]: https://www.pulumi.com/docs/concepts/stack/
+[pulumi state]: https://www.pulumi.com/docs/concepts/state/
 [pulumi troubleshooting]: https://www.pulumi.com/docs/support/troubleshooting/
 [pulumi up --plan without error message (exit code 255)]: https://github.com/pulumi/pulumi/issues/11303#issuecomment-1311365793
 [pulumi-aws/issues/1366]: https://github.com/pulumi/pulumi-aws/issues/1366
 [resources reference]: https://www.pulumi.com/resources
 [secrets]: https://www.pulumi.com/docs/concepts/secrets/
 [stack references]: https://www.pulumi.com/docs/concepts/stack/#stackreferences
-[stacks]: https://www.pulumi.com/docs/concepts/stack/
-[state]: https://www.pulumi.com/docs/concepts/state/
 [update plans]: https://www.pulumi.com/docs/concepts/update-plans/
 [website]: https://www.pulumi.com/
 [workshops]: https://github.com/pulumi/workshops
diff --git a/knowledge base/secrets management.md b/knowledge base/secrets management.md
new file mode 100644
index 0000000..2369293
--- /dev/null
+++ b/knowledge base/secrets management.md	
@@ -0,0 +1,76 @@
+# Secrets management
+
+1. [TL;DR](#tldr)
+1. [The problem at hand](#the-problem-at-hand)
+1. [Further readings](#further-readings)
+   1. [Sources](#sources)
+
+## TL;DR
+
+_Vaults_ and _secrets managers_ are centralized solution that manage secrets.<br/>
+Examples: [HashiCorp Vault], [OpenBao], [Bitwarden Secrets Manager], [1Password Secrets Automation], [CyberArk Conjur],
+[Akeyless].
+
+_Secrets orchestration platforms_ offer a transparent access point for users while being a vault itself and/or syncing
+secrets between multiple other vaults and secrets managers.<br/>
+Examples: [Doppler], [Infisical], [Pulumi ESC].
+
+Solutions should be easy to use and get **out** of their users' way, so that they can be more easily adopted.
+
+## The problem at hand
+
+Secrets are usually bad managed in local development environments.<br/>
+The process of grabbing all required secrets on local machines is often manual, cumbersome, and prone to errors.<br/>
+This causes the onboarding process to slow down, and encourages developers to follow insecure practices when sharing
+secrets.
+
+Saving secrets in (possibly encrypted) git-tracked files (e.g. `.env`) still lacks the level of syncing teams might
+require.<br/>
+Even if notified, developers don't usually pull the updated files nor make all the required adjustments immediately,
+likely being then forced to lose time debugging issues due to deprecated or changed data.
+
+Even with a working synchronization process, it's common for developers to accidentally leak secrets as part of
+commits.<br/>
+As soon as a secret is part of the git history, it becomes a security issue and it is hard to get it removed
+properly.<br/>
+Though git hooks exist, it is likely for them to be misconfigured or simply skipped (`git commit --no-verify`).
+
+Having a centralized solution to manage secrets can come to the rescue, as long as it is adopted profusely.<br/>
+The only way this can happen is if that solution is easy to use and manage, and get **out** of the way of
+developers.<br/>
+_Vaults_ and _secrets managers_ usually do a good job for this.
+
+Tools might also integrate with or support only one or a small set of solutions, limiting the choice of platforms.<br/>
+It would be good to have a way to sync secrets between multiple platforms. Even better, to use a single access point to
+abstract the sync process and make it transparent.<br/>
+This is what _secrets orchestration platforms_ try to solve.
+
+## Further readings
+
+- [HashiCorp Vault]
+- [Infisical]
+
+### Sources
+
+- [Secrets Management Tools: The Complete 2025 Guide]
+
+<!--
+  Reference
+  ═╬═Time══
+  -->
+
+<!-- In-article sections -->
+<!-- Knowledge base -->
+[HashiCorp Vault]: hashicorp%20vault.md
+[Infisical]: infisical.md
+[Pulumi ESC]: pulumi.md#esc
+
+<!-- Files -->
+<!-- Others -->
+[1Password Secrets Automation]: https://1password.com/developers/secrets-management
+[Akeyless]: https://www.akeyless.io/
+[Bitwarden secrets manager]: https://bitwarden.com/products/secrets-manager/
+[CyberArk Conjur]: https://www.conjur.org/
+[Doppler]: https://www.doppler.com/
+[OpenBao]: https://openbao.org/
+[Secrets Management Tools: The Complete 2025 Guide]: https://www.pulumi.com/blog/secrets-management-tools-guide/
diff --git a/snippets/aws/other commands.fish b/snippets/aws/other commands.fish
index 2de7769..ff80546 100644
--- a/snippets/aws/other commands.fish	
+++ b/snippets/aws/other commands.fish	
@@ -489,6 +489,18 @@ aws s3api list-buckets --output 'text' --query 'Buckets[].Name' | xargs -n '1' a
 aws --profile 'someProfile' s3api head-bucket --bucket 'someBucket'
 
 
+###
+# Secrets
+# ------------------
+###
+
+aws secretsmanager create-secret --name 'TestSecretFromFile' --secret-string 'file://mycreds.json'
+aws secretsmanager create-secret \
+	--name 'MyTestSecret' --description 'A test secret created with the CLI.' \
+	--secret-string '{"user":"diegor","password":"EXAMPLE-PASSWORD"}' \
+	--tags '[{"Key": "FirstTag", "Value": "FirstValue"}, {"Key": "SecondTag", "Value": "SecondValue"}]'
+
+
 ###
 # SNS
 # ------------------
