1. Home
  2. Techniques
  3. Enterprise
  4. Credentials from Password Stores
  5. Cloud Secrets Management Stores

Credentials from Password Stores: Cloud Secrets Management Stores

ID Name
ATAGS-T1113.001 Cloud Secrets Management Stores
ATAGS-T1113.002 Credentials from Web Browsers
ATAGS-T1113.003 Keychain
ATAGS-T1113.004 Password Managers
ATAGS-T1113.005 Securityd Memory
ATAGS-T1113.006 Windows Credential Manager

Threat Actors may acquire credentials from cloud-native secret management solutions such as AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, and Terraform Vault. 

ID: ATAGS-T1113.001
Sub-technique of:  ATAGS-T1113
Tactic: Credential Access
Targeted Components: Mission, Personnel & Identity
Responsibility: Shared
Created: 18 April 2026
Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.