diff --git a/README.md b/README.md
index e2d5d30a..be55e1be 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ The following Auth0 resources are supported:
 - [ ] [Device Credentials](https://auth0.com/docs/api/management/v2#!/Device_Credentials/get_device_credentials)
 - [x] [Grants](https://auth0.com/docs/api/management/v2#!/Grants/get_grants)
 - [x] [Hooks](https://auth0.com/docs/api/management/v2#!/Hooks/get_hooks)
+- [x] [HookSecrets](https://auth0.com/docs/api/management/v2#!/Hooks/get_secrets)
 - [x] [Logs](https://auth0.com/docs/api/management/v2#!/Logs/get_logs)
 - [x] [Prompts](https://auth0.com/docs/api/management/v2#!/Prompts/get_prompts)
 - [x] [Resource Servers (APIs)](https://auth0.com/docs/api/management/v2#!/Resource_Servers/get_resource_servers)
diff --git a/management/hook_secrets.go b/management/hook_secrets.go
new file mode 100644
index 00000000..6c0acb4e
--- /dev/null
+++ b/management/hook_secrets.go
@@ -0,0 +1,41 @@
+package management
+
+type HookSecrets = map[string]string
+
+type HookSecretsManager struct {
+	*Management
+}
+
+func newHookSecretsManager(m *Management) *HookSecretsManager {
+	return &HookSecretsManager{m}
+}
+
+// Upserts hook secrets
+//
+// See: https://auth0.com/docs/api/management/v2#!/Hooks/post_secrets
+func (m *HookSecretsManager) Upsert(hookId string, r *HookSecrets) (err error) {
+	return m.post(m.hookPath(hookId), r)
+}
+
+// Reads hook secrets
+//
+// Note: For security, hook secret values cannot be retrieved outside rule
+// execution (they all appear as "_VALUE_NOT_SHOWN_")
+//
+// See: https://auth0.com/docs/api/management/v2#!/Rules_Configs/get_rules_configs
+func (m *HookSecretsManager) Read(hookId string) (r *HookSecrets, err error) {
+	err = m.get(m.hookPath(hookId), &r)
+	return
+}
+
+// Delete a list of hook secret keys from a given hook's secrets identified by its hookId and the keys
+//
+// See: https://auth0.com/docs/api/management/v2#!/Rules_Configs/delete_rules_configs_by_key
+func (m *HookSecretsManager) Delete(hookId string, keys ...string) (err error) {
+	return m.request("DELETE", m.hookPath(hookId), keys)
+}
+
+
+func (m *HookSecretsManager) hookPath(hookId string) string {
+	return m.uri("hooks", hookId, "secrets")
+}
diff --git a/management/hook_secrets_test.go b/management/hook_secrets_test.go
new file mode 100644
index 00000000..2ffdb961
--- /dev/null
+++ b/management/hook_secrets_test.go
@@ -0,0 +1,69 @@
+package management
+
+import (
+	"gopkg.in/auth0.v4/internal/testing/expect"
+	"testing"
+
+	"gopkg.in/auth0.v4"
+)
+
+func TestHookSecrets(t *testing.T) {
+
+	r := &map[string]string{
+		"SECRET1": "value1",
+		"SECRET2": "value2",
+	}
+
+	hook := &Hook{
+		Name:	  auth0.String("test-hook-secrets"),
+		Script:	auth0.String("function (user, context, callback) { callback(null, { user }); }"),
+		TriggerID: auth0.String("pre-user-registration"),
+		Enabled:   auth0.Bool(false),
+	}
+
+	err := m.Hook.Create(hook)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Cleanup(func() {
+		if err = m.Hook.Delete(hook.GetID()); err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("Upsert", func(t *testing.T) {
+		err = m.HookSecrets.Upsert(hook.GetID(), r)
+		if err != nil {
+			t.Fatal(err)
+		}
+		t.Logf("%v\n", r)
+	})
+
+	t.Run("Read", func(t *testing.T) {
+		result, err := m.HookSecrets.Read(hook.GetID())
+		if err != nil {
+			t.Fatal(err)
+		}
+		t.Logf("%v\n", r)
+
+		expect.Expect(t, (*result)["SECRET1"], "_VALUE_NOT_SHOWN_")
+		expect.Expect(t, (*result)["SECRET2"], "_VALUE_NOT_SHOWN_")
+	})
+
+	t.Run("Delete", func(t *testing.T) {
+		err = m.HookSecrets.Delete(hook.GetID(), "SECRET1")
+		if err != nil {
+			t.Error(err)
+		}
+
+		result, err := m.HookSecrets.Read(hook.GetID())
+		if err != nil {
+			t.Fatal(err)
+		}
+		t.Logf("%v\n", r)
+
+		expect.Expect(t, (*result)["SECRET1"], "")
+		expect.Expect(t, (*result)["SECRET2"], "_VALUE_NOT_SHOWN_")
+	})
+}
diff --git a/management/management.go b/management/management.go
index df01dd40..85c4bff2 100644
--- a/management/management.go
+++ b/management/management.go
@@ -52,6 +52,9 @@ type Management struct {
 	// HookManager manages Auth0 Hooks
 	Hook *HookManager
 
+	/// HookSecretsManager manages Auth0 Hook Secrets
+	HookSecrets * HookSecretsManager
+
 	// RuleManager manages Auth0 Rule Configurations.
 	RuleConfig *RuleConfigManager
 
@@ -149,6 +152,7 @@ func New(domain, clientID, clientSecret string, options ...apiOption) (*Manageme
 	m.Role = newRoleManager(m)
 	m.Rule = newRuleManager(m)
 	m.Hook = newHookManager(m)
+	m.HookSecrets = newHookSecretsManager(m)
 	m.RuleConfig = newRuleConfigManager(m)
 	m.EmailTemplate = newEmailTemplateManager(m)
 	m.Email = newEmailManager(m)