A secret-key managing method includes: constructing a multi-node secret-key storing system, in response to secret-key data required by an encryption-decryption service program being not in an operating state, storing the secret-key data into a random node in the multi-node secret-key storing system, and controlling the secret-key data to migrate among nodes in the multi-node secret-key storing system according to a predetermined migration rule, rather than directly storing in the internal memory corresponding to the encryption-decryption service program, the attacker cannot know the storage position of the secret-key data, and thus has difficulty in stealing the secret-key data with conventional attacking means. Moreover, when a secret-key invoking request based on the encryption-decryption service program is received, the storage position of the secret-key data at the current moment can be determined based on the predetermined migration rule, to feed back the secret-key invoking request.