diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
index 7601ea6..6568323 100644
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@@ -1,4 +1,5 @@
 # Table of contents
 
 * [Sandbox](README.md)
-* [Requirements for building blocks](guidelines-for-bbs.md)
\ No newline at end of file
+* [Technology stack](technologies.md)
+* [Requirements for building blocks](guidelines-for-bbs.md)
diff --git a/docs/technologies.md b/docs/technologies.md
new file mode 100644
index 0000000..2571c6d
--- /dev/null
+++ b/docs/technologies.md
@@ -0,0 +1,13 @@
+# Sandbox technology stack
+
+* [OCI](https://opencontainers.org/) compliant container images, e.g. [Docker](https://www.docker.com/)  
+* [Kubernetes](https://kubernetes.io/)
+* [Helm charts](https://helm.sh/docs/topics/charts/)
+* [CI/CD](https://en.wikipedia.org/wiki/CI/CD) pipeline configurations
+
+## Secret management
+The sandbox is a testing and development environment, so it has the following requirements for managing secrets:
+
+* Use [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/)
+* Don't keep secret in git repository (encrypted as well, due to rotation policy)
+* Use random generated passwords, e.g. [Helm randAlphaNum method](https://helm.sh/docs/chart_template_guide/function_list/#randalphanum-randalpha-randnumeric-and-randascii)
\ No newline at end of file