A method and system for securely storing, managing, and sending critical application data (application secrets) are disclosed. The invention provides an application program interface (API) through which applications (code components) can request a secure store component (SSC) store an application secret, retrieve an application secret, and send an application secret from one code component to another. The SSC encrypts and stores the application secrets using a symmetric cipher algorithm with a key derived by combining machine-specific entropy and evidence associated with the application (or code component), using a mechanism such as a hashing function. When an application requests the SSC to return a stored application secret, the SSC decrypts the secret using a key derived from machine-specific entropy and evidence associated with the application requesting the secret. A secret owning application can also request the SSC to create an object storing the encrypted secret, evidence associated with an intended recipient, and evidence associated with the owning application, in order to send the application secret to another code component.