A secret is a capability that gives the holder of the secret the permission to take control of a running netlet, e.g. kill it, debug it, monitor its status. A netlet's secrets are listed in its descriptor.
Depending on the algorithm specified in the descriptor, a secret can be either a public key or an unencrypted string. The node must verify (i.e. challenge) any claims by netlets that they are party to a secret before granting them access.