Pepper.
An application-level secret mixed into every password hash that, unlike a salt, is kept outside the database — so a database breach alone cannot enable offline password cracking.
The salt-vs-pepper distinction comes down to where the secret lives. Salt is per-user, public, and stored next to the hash; pepper is global (or drawn from a small rotating set), secret, and stored separately from the hash. A database compromise that exposes salts is expected; a pepper exposure means the attacker has the keys to the cracking kingdom.
Pepper is useful when the threat model treats the database as more leak-prone than the application secret store, which is common when the database is replicated to many environments (analytics, backups, staging) but the application secret is centralized. If your application secret lives in the same place as your database, pepper buys you little; if it lives in a separately managed HSM or secrets manager, pepper buys you a meaningful layer.
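The split between what the database holds and what the secret store holds, as an added example that is not from the original page. It assumes one common construction (HMAC-SHA256 keyed with the pepper, then scrypt with the per-user salt) and a hypothetical record layout with a pepper_id field to support a small rotating set; all function and field names are illustrative.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Assumed construction: HMAC-SHA256 keyed with the pepper, then a slow
    # salted KDF (scrypt from the standard library) over the result.
    keyed = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.scrypt(keyed, salt=salt, n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str, peppers: dict, current_id: str) -> dict:
    # The returned record is what goes in the database: it names the pepper
    # by id but never contains the pepper itself.
    salt = os.urandom(16)
    digest = _derive(password, salt, peppers[current_id])
    return {"pepper_id": current_id, "salt": salt.hex(), "hash": digest.hex()}

def verify_password(password: str, record: dict, peppers: dict) -> bool:
    pepper = peppers.get(record["pepper_id"])
    if pepper is None:
        return False  # pepper retired or unavailable: cannot verify
    digest = _derive(password, bytes.fromhex(record["salt"]), pepper)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

def needs_rehash(record: dict, current_id: str) -> bool:
    # After a successful login, re-hash records still on an older pepper.
    return record["pepper_id"] != current_id

if __name__ == "__main__":
    # Constructed sample peppers; in practice they are loaded from the
    # secrets manager or HSM, not generated at startup.
    peppers = {"k1": os.urandom(32), "k2": os.urandom(32)}
    rec = hash_password("correct horse", peppers, "k1")
    print(verify_password("correct horse", rec, peppers))
    print(verify_password("correct horse", rec, {"k1": os.urandom(32)}))
    print(needs_rehash(rec, "k2"))
```

A stored record alone (pepper_id, salt, hash) is not enough to test a candidate password; the check only succeeds where the matching pepper is available.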
Common questions
What is the difference between salt and pepper?
Do I need a pepper if I use Argon2 with a salt?
Where should the pepper be stored?