Approaches presented herein relate to the management of secure secrets in a distributed environment. In particular, various embodiments provide for the management of unique digital identities across multiple regions, where each region can include its own certificate authority. While these certificate authorities may operate independently, they can be part of a multi-primary system where unique identities and keys are stored redundantly across environments. In the event of a failure of a certificate authority in one region, another certificate authority in another region can continue security and authentication management, without a need to issue new identities or change operation of any of the regions. Parties to secure communications, such as application containers, can each receive their own unique identity which can be shared across various regions to allow related tasks (e.g., certificate issuance or revocation) to be performed identically from any of those regions.