by antonvs
28 days ago
> In case of anything going wrong, all your regular user accounts would be locked

You're talking about a very specific and rare scenario, and certainly not something that justifies storing all your passwords in plaintext in a CSV file. In almost all scenarios where you would need root credentials, having them in the provider's secret manager is fine. Obviously you need to store root credentials outside of the secret manager as well, but that should be a "break glass" scenario that's only used in emergencies. And you don't store them in plaintext CSV.

> Unfortunately this is the gap between theory and implementation.

I don't disagree that there are many, many organizations that practice bad security. But that doesn't mean there are none that have good security. And one would expect CISA to have good security, otherwise there's really no point in its existence.

There's a difference between saying "this is what most organizations are like" and "this is the way it has to be". The former is true, the latter is false.