Security / SEC-001
Security Standard

SEC-001 — Credential & Secret Management

Defines Apple Passwords as the approved 2026 credential manager and establishes storage, naming, recovery, and migration requirements.

Document: SEC-001Type: StandardStatus: ApprovedOwner: Cloudberrie LeadershipVersion: 4.2.0Updated: 2026-07-17

Decision

Approved for calendar year 2026: Apple Passwords is Cloudberrie Studio India LLP’s credential manager while infrastructure access is administered by a very small number of authorized people.

All company credentials, passkeys, recovery codes, and secure account notes must be stored in Apple Passwords. Plain-text copies in email, chat, spreadsheets, unprotected notes, screenshots, or source repositories are prohibited.

Scope

InfrastructureCloudflare, GitHub, Firebase, domain registrar, Apple Developer, Google Play and future cloud providers.
OperationsGoogle Workspace administration, Meta Business, LinkedIn, YouTube, Canva, OpenAI and vendor portals.
RecoveryMFA backup codes, recovery contacts, account creation date and authenticator method.
SecretsAPI credentials and webhook secrets only when the platform does not offer a dedicated secrets store.

Entry Naming Standard

Cloudberrie - Cloudflare
Cloudberrie - GitHub
Cloudberrie - Google Workspace
Cloudberrie - Firebase
Cloudberrie - Domain Registrar
Cloudberrie - Apple Developer
Cloudberrie - Meta Business

Use the service name, not an individual employee’s name, for company platform credentials.

Required Entry Contents

FieldRequirement
WebsiteOfficial sign-in URL
UsernameExact login identity, such as accounts@cloudberrie.com
Password or passkeyGenerated strong credential or saved passkey
NotesLegal owner, MFA status, authenticator, creation date, recovery-code date and exceptional setup information
Recovery codesStore in the same protected entry or a clearly linked protected entry

Cloudflare Example

Title: Cloudberrie - Cloudflare
Website: https://dash.cloudflare.com
Username: accounts@cloudberrie.com

Notes:
Owner: Cloudberrie Studio India LLP
Infrastructure timezone: UTC
MFA: Enabled
Recovery codes stored: 2026-07-17
Account state at creation: No domains, Pages projects, Workers, R2, D1 or billing resources

Prohibited Storage

  • Unprotected Apple Notes or text files
  • Google Docs, Word files, spreadsheets or the Cloudberrie Manual
  • Email, WhatsApp, Slack or social direct messages
  • GitHub repositories, committed configuration files or screenshots
  • Browser downloads left indefinitely in Downloads

Review and Migration Trigger

The standard will be reviewed in January 2027. Review earlier if any of these occurs:

  • Three or more employees require access to shared company credentials.
  • Separate role-based vaults or audit logs are required.
  • Credential sharing becomes recurring.
  • Offboarding requires centralized revocation.
  • A client, insurer, regulator or contract requires business-grade credential governance.

The preferred product for formal evaluation is 1Password Business; the selection remains subject to cost, administration and security review.