Joint Guidance

Managing cryptographic keys and secrets

The National Cyber Security Centre (NCSC) has joined international partners to release guidance on the threat environment and the value of implementing secure keys and secrets management to make better-informed decisions.

Roles & Audiences

27 August 2025

The compromise of any private key or secret can have significant, or even severe, negative operational, financial and reputational impacts on an organisation.

This guidance is part of the broader Secure by Design initiative by the authoring agencies. It highlights the threat environment, significant areas of key and secret management organisations, and also the importance of building a strong Key Management Plan (KMP).

The NCSC and its international partners recognise the value of understanding the threat environment and that it is critical that organisations can trust the keys and secrets used within their information environment.

We encourage security personnel whose organisations rely on, use or manage cryptographic keys and secrets in New Zealand to familiarise themselves with this guidance and apply the best practices.

Read the full guidance here. External Link

If you have any questions about this guidance, contact info@ncsc.govt.nz