Update Secrets_Management_Cheat_Sheet.md
rohitg00 authored Nov 12, 2024
1 parent 3916f21 commit 739ff96
Showing 1 changed file with 18 additions and 18 deletions.
36 changes: 18 additions & 18 deletions cheatsheets/Secrets_Management_Cheat_Sheet.md
Expand Up @@ -587,45 +587,45 @@ Additional considerations for logging of secrets usage should include:

Consider using a standardized logging format and vocabulary such as the [Logging Vocabulary Cheat Sheet](Logging_Vocabulary_Cheat_Sheet.md) to ensure that all necessary information is logged.

## 10 Related Cheat Sheets & further reading

- [Key Management Cheat Sheet](Key_Management_Cheat_Sheet.md)
- [Logging Cheat Sheet](Logging_Cheat_Sheet.md)
- [Password Storage Cheat Sheet](Password_Storage_Cheat_Sheet.md)
- [Cryptographic Storage Cheat Sheet](Cryptographic_Storage_Cheat_Sheet.md)
- [OWASP WrongSecrets project](https://github.com/OWASP/wrongsecrets/)
- [Blog: 10 Pointers on Secrets Management](https://xebia.com/blog/secure-deployment-10-pointers-on-secrets-management/)
- [Blog: From build to run: pointers on secure deployment](https://xebia.com/from-build-to-run-pointers-on-secure-deployment/)
- [Github listing on secrets detection tools](https://github.com/topics/secrets-detection)
- [NIST SP 800-57 Recommendation for Key Management](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final)
- [OpenCRE References to secrets](https://opencre.org/cre/223-780)

## 11 Secrets Management in a Multi-Cloud Environment
## 10 Secrets Management in a Multi-Cloud Environment

### 11.1 Introduction
### 10.1 Introduction

Managing secrets in a multi-cloud environment presents unique challenges due to the diversity of cloud providers and their respective services. This section discusses the challenges and best practices for managing secrets across multiple cloud providers.

### 11.2 Challenges
### 10.2 Challenges

1. **Diverse APIs and Interfaces**: Each cloud provider has its own API and interface for managing secrets, which can lead to complexity in integrating and managing secrets across multiple providers.
2. **Inconsistent Security Policies**: Different cloud providers may have varying security policies and practices, making it challenging to enforce consistent security standards across all environments.
3. **Key Rotation**: Ensuring that keys are rotated consistently and securely across multiple cloud providers can be difficult, especially if each provider has different mechanisms for key rotation.
4. **Access Control**: Managing access control for secrets across multiple cloud providers can be complex, as each provider may have different access control mechanisms and policies.
5. **Auditing and Monitoring**: Ensuring comprehensive auditing and monitoring of secret access and usage across multiple cloud providers can be challenging due to the differences in logging and monitoring capabilities.

### 11.3 Best Practices
### 10.3 Best Practices

1. **Use a Centralized Secrets Management Solution**: Implement a centralized secrets management solution that can integrate with multiple cloud providers. This can help standardize the management of secrets and enforce consistent security policies across all environments. Examples include HashiCorp Vault and CyberArk Conjur.
2. **Standardize Security Policies**: Define and enforce standardized security policies for managing secrets across all cloud providers. This includes policies for key rotation, access control, and auditing.
3. **Automate Key Rotation**: Implement automated key rotation processes to ensure that keys are rotated consistently and securely across all cloud providers. Use tools and scripts to automate the rotation process and reduce the risk of human error.
4. **Implement Fine-Grained Access Control**: Use fine-grained access control mechanisms to restrict access to secrets based on the principle of least privilege. Ensure that access control policies are consistently enforced across all cloud providers.
5. **Enable Comprehensive Auditing and Monitoring**: Implement comprehensive auditing and monitoring of secret access and usage across all cloud providers. Use centralized logging and monitoring solutions to aggregate and analyze logs from multiple providers.

### 11.4 References
### 10.4 References

- [HashiCorp Vault](https://www.vaultproject.io/)
- [CyberArk Conjur](https://www.conjur.org/)
- [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/)
- [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/)
- [Google Cloud Secret Manager](https://cloud.google.com/secret-manager)

## 10 Related Cheat Sheets & further reading

- [Key Management Cheat Sheet](Key_Management_Cheat_Sheet.md)
- [Logging Cheat Sheet](Logging_Cheat_Sheet.md)
- [Password Storage Cheat Sheet](Password_Storage_Cheat_Sheet.md)
- [Cryptographic Storage Cheat Sheet](Cryptographic_Storage_Cheat_Sheet.md)
- [OWASP WrongSecrets project](https://github.com/OWASP/wrongsecrets/)
- [Blog: 10 Pointers on Secrets Management](https://xebia.com/blog/secure-deployment-10-pointers-on-secrets-management/)
- [Blog: From build to run: pointers on secure deployment](https://xebia.com/from-build-to-run-pointers-on-secure-deployment/)
- [Github listing on secrets detection tools](https://github.com/topics/secrets-detection)
- [NIST SP 800-57 Recommendation for Key Management](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final)
- [OpenCRE References to secrets](https://opencre.org/cre/223-780)
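Review bot: the renumbering leaves two top-level sections with the same number. The hunk changes "## 11 Secrets Management in a Multi-Cloud Environment" to "## 10 Secrets Management in a Multi-Cloud Environment" (and its subsections to 10.1 through 10.4), then re-inserts the moved "## 10 Related Cheat Sheets & further reading" immediately after it, so the file now reads section 10 followed by another section 10. Since the intent is evidently to keep "Related Cheat Sheets & further reading" as the closing section, it should become "## 11 Related Cheat Sheets & further reading"; it has no numbered subsections, so nothing else needs to change. Two smaller points while touching these lines: "### 10.4 References" inside the multi-cloud section now sits directly above the general further-reading list, so consider whether those five vendor links belong in the combined list instead of a separate references block, and "Github listing on secrets detection tools" would read better as "GitHub", matching the project's name elsewhere.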
