There are two secret values associated with an ECDSA signature: one long term and one single-use. In the notation of the Wikipedia ECDSA article, there is the private (signing) key $d_a$ and corresponding public (verification) key $Q_A$ which is related to the private key by $Q_A=d_AG$ where $G$ is a publicly known generator for the elliptic curve group. The elliptic curve group should be chosen so that recovering $d_A$ from $Q_A$ is infeasible. This is known as the elliptic curve discrete logarithm problem.
However, in the generation of each signature there is another value $k$ which must remain secret. This is because the signature will produce two values $(r,s)$ which satisfy
$$ks\equiv h+rd_A\pmod\ell$$
where $h$ is the (known) hash value of the data being signed. If $k$ is known then $d_A$ can be computed from the above equation. Moreover, if the same $k$ value is ever used in two different signatures, the same $r$ value is produced so that the signatures are $(r,s_1)$and $(r,s_2)$. We then have
$$s_1h_2+s_1rd_A\equiv s_2h_1+s_2rd_A\pmod\ell\Rightarrow s_1h_2-s_2h_1\equiv (s_2-s_1)rd_A\pmod\ell$$
and again $d_A$ can be recovered.
Thus although $Q_A$ (and hence $d_A$) can be used multiple times, it is vital that each $k$ is used at most once. Failure to do this led to the infamous PS3 failure among others.