AWS Secrets Manager
Last updated
AWS Secrets Manager is a managed service from Amazon Web Services (AWS) for storing and managing sensitive information that belongs to the customer or AWS account holder. Secrets can include passwords, API keys, tokens, and other sensitive data that applications, services, or IT resources need in order to authenticate; for example, it can hold database credentials, API keys, tokens, or any other application secret. Users create and store secrets in one centralized, access-controlled location.
The primary goal of AWS Secrets Manager is to safeguard access to services and applications by eliminating the need to hard-code sensitive information in plaintext, thereby enhancing security and compliance.
A typical use case is a web application hosted on AWS obtaining access to an RDS database without embedding the database credentials in its code. Secrets Manager also supports DocumentDB and Redshift credentials.
Key features of AWS Secrets Manager include:
Secret Creation: Users can create secrets using the AWS Management Console, SDKs, or the AWS Command Line Interface (CLI). These secrets can include database credentials, API keys, or any other sensitive data.
Centralized Management: It provides a centralized place to manage all secrets, making it easier to organize, access, and control them across an AWS environment.
Encryption: AWS Secrets Manager encrypts secrets both at rest and in transit using industry-standard encryption protocols, ensuring the confidentiality and integrity of the stored data. Secrets at rest are encrypted with keys managed by AWS Key Management Service (KMS).
Access Control: Users can define fine-grained access control policies to specify who can access and manage secrets, helping to maintain the principle of least privilege.
Audit and Monitoring: Integration with AWS CloudTrail provides a record of calls to AWS Secrets Manager for compliance and auditing purposes.
Cross-Region Replication: Secrets can be replicated to multiple AWS regions for disaster recovery purposes.
Rotation: One of the standout features of AWS Secrets Manager is its ability to automate the rotation of credentials. Automatic rotation can be enabled when a secret is configured. The service can periodically generate new credentials for a secret and update the applications that use them, enhancing security by regularly changing access credentials.
Integration: AWS Secrets Manager integrates with AWS services and other applications, allowing secrets to be retrieved securely at application runtime. This eliminates the need to hard-code credentials within applications.
Once the rotation function has been specified, review the configuration and create the secret so that it can later be integrated with the application.
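The Audit and Monitoring feature above is most useful when someone actually reads the CloudTrail records. The following added example (not code from the page or from AWS) parses Secrets Manager events out of a CloudTrail JSON document, counts successful reads per secret, and reports denied calls and reads by principals outside a hypothetical allow-list. It assumes CloudTrail's standard field names (eventSource, eventName, userIdentity, requestParameters, errorCode); the sample records, account id, secret name and allow-list are all constructed.

```python
"""Summarize Secrets Manager activity from CloudTrail records.

Added example; not code from the page or from AWS. It assumes CloudTrail's
standard JSON layout (eventSource, eventName, userIdentity, requestParameters,
errorCode). The records below are constructed sample data, not real logs.
"""
import json
from collections import Counter

SECRETS_MANAGER_SOURCE = "secretsmanager.amazonaws.com"
# API actions that read or change secret material or its access policy.
WATCHED_EVENTS = {"GetSecretValue", "PutSecretValue", "UpdateSecret",
                  "DeleteSecret", "RotateSecret", "PutResourcePolicy"}

# Constructed sample trail: one normal read, one denied read, one read by an
# unexpected IAM user, one rotation, and one unrelated S3 event.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "GetSecretValue",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0example"},
     "requestParameters": {"secretId": "prod/db/credentials"},
     "sourceIPAddress": "10.0.1.5"},
    {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "GetSecretValue",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"secretId": "prod/db/credentials"},
     "sourceIPAddress": "203.0.113.7", "errorCode": "AccessDenied"},
    {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "GetSecretValue",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"secretId": "prod/db/credentials"},
     "sourceIPAddress": "198.51.100.23"},
    {"eventSource": SECRETS_MANAGER_SOURCE, "eventName": "RotateSecret",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/rotation-lambda/session"},
     "requestParameters": {"secretId": "prod/db/credentials"},
     "sourceIPAddress": "10.0.2.9"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "example-bucket", "key": "report.csv"}},
]})

# Hypothetical allow-list: which principals are expected to read each secret.
EXPECTED_READERS = {"prod/db/credentials": {"role/app-role"}}


def secrets_manager_records(trail_json):
    """Return only the Secrets Manager records from a CloudTrail JSON document."""
    records = json.loads(trail_json).get("Records", [])
    return [r for r in records if r.get("eventSource") == SECRETS_MANAGER_SOURCE]


def principal_of(record):
    """Collapse an assumed-role session ARN to 'role/<name>' so that every
    session of one role is reported under a single principal."""
    ident = record.get("userIdentity", {})
    arn = ident.get("arn", "unknown")
    if ident.get("type") == "AssumedRole" and ":assumed-role/" in arn:
        return "role/" + arn.split(":assumed-role/", 1)[1].split("/", 1)[0]
    return arn


def summarize(records, expected_readers):
    """Count successful reads per secret and collect two kinds of findings:
    denied calls, and successful reads by principals not on the expected list."""
    reads = Counter()
    denied, unexpected = [], []
    for r in records:
        name = r.get("eventName")
        if name not in WATCHED_EVENTS:
            continue
        secret = r.get("requestParameters", {}).get("secretId", "?")
        who = principal_of(r)
        if "errorCode" in r:
            denied.append((who, name, secret, r["errorCode"]))
            continue
        if name == "GetSecretValue":
            reads[secret] += 1
            if who not in expected_readers.get(secret, set()):
                unexpected.append((who, secret, r.get("sourceIPAddress")))
    return {"reads": dict(reads), "denied": denied, "unexpected": unexpected}


if __name__ == "__main__":
    result = summarize(secrets_manager_records(SAMPLE_TRAIL), EXPECTED_READERS)
    for key, value in result.items():
        print(key, value)
```

Assumed-role sessions are folded back to their role name because session names vary per invocation; the allow-list is therefore expressed in terms of roles, which is how access to a secret is normally granted in practice.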
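The retrieval side of that integration, as an added example that is not code from the page or from AWS: an application fetches an RDS-style credential at runtime instead of hard-coding it, keeps it in a short-TTL cache so a rotated value is picked up without a restart, and exposes refresh() for a forced re-fetch after an authentication failure. It assumes a client with boto3's get_secret_value(SecretId=...) interface; FakeSecretsClient is a constructed stand-in so the block runs offline (boto3.client("secretsmanager") would be used in a real deployment), and the secret name, host and values are all constructed.

```python
"""Retrieve a database credential from Secrets Manager at runtime.

Added example; not code from the page or from AWS. It assumes a client with
boto3's get_secret_value(SecretId=...) interface; FakeSecretsClient below is a
constructed stand-in so the code runs offline (swap in
boto3.client("secretsmanager") for real use). Secret names are constructed.
"""
import json
import time

# Constructed RDS-style secret, in the key layout Secrets Manager uses for
# database credentials. A real value would never appear in source code.
SAMPLE_DB_SECRET = {"username": "app_user", "password": "example-only-v1",
                    "engine": "postgres", "host": "db.example.internal",
                    "port": 5432, "dbname": "orders"}


class FakeSecretsClient:
    """Stand-in for boto3's Secrets Manager client: same response shape
    (SecretString or SecretBinary plus VersionId) for the one call used here."""
    def __init__(self, secrets):
        self._secrets = {}
        self.calls = 0
        for secret_id, (version, payload) in secrets.items():
            self.rotate(secret_id, payload, version)

    def rotate(self, secret_id, payload, version):
        """Simulate a rotation: the new version becomes the current one."""
        if isinstance(payload, dict):
            payload = json.dumps(payload)
        self._secrets[secret_id] = (version, payload)

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        self.calls += 1
        if SecretId not in self._secrets:
            raise LookupError(SecretId)  # boto3 raises ResourceNotFoundException
        version, payload = self._secrets[SecretId]
        response = {"Name": SecretId, "VersionId": version}
        key = "SecretBinary" if isinstance(payload, bytes) else "SecretString"
        response[key] = payload
        return response


def decode_secret(response):
    """Return a dict for a JSON SecretString, str otherwise, bytes for SecretBinary."""
    if "SecretString" in response:
        try:
            return json.loads(response["SecretString"])
        except ValueError:
            return response["SecretString"]
    return response["SecretBinary"]  # boto3 already base64-decodes this to bytes


class SecretCache:
    """TTL cache in front of the API: avoids a network call per request while a
    short TTL still lets a rotated credential reach the app within `ttl` seconds.
    refresh() forces a fetch, e.g. after an authentication failure that suggests
    the secret was just rotated."""
    def __init__(self, client, ttl=300, clock=time.monotonic):
        self._client, self._ttl, self._clock = client, ttl, clock
        self._entries = {}  # secret_id -> (expires_at, version_id, value)

    def get(self, secret_id):
        entry = self._entries.get(secret_id)
        if entry and entry[0] > self._clock():
            return entry[2]
        return self.refresh(secret_id)

    def refresh(self, secret_id):
        response = self._client.get_secret_value(SecretId=secret_id)
        value = decode_secret(response)
        self._entries[secret_id] = (self._clock() + self._ttl, response["VersionId"], value)
        return value

    def version(self, secret_id):
        entry = self._entries.get(secret_id)
        return entry[1] if entry else None


def db_connection_params(secret):
    """Map an RDS-style secret to driver connection parameters, validating the
    keys up front so a malformed secret fails loudly rather than at connect time."""
    missing = [k for k in ("username", "password", "host", "port", "dbname") if k not in secret]
    if missing:
        raise ValueError("secret is missing keys: " + ", ".join(missing))
    return {"user": secret["username"], "password": secret["password"],
            "host": secret["host"], "port": int(secret["port"]), "database": secret["dbname"]}


if __name__ == "__main__":
    client = FakeSecretsClient({"prod/db/credentials": ("v1", SAMPLE_DB_SECRET)})
    cache = SecretCache(client, ttl=60)
    params = db_connection_params(cache.get("prod/db/credentials"))
    # Never print the password; the other fields are safe to log for diagnostics.
    print({k: v for k, v in params.items() if k != "password"}, "calls:", client.calls)
```

The clock is injectable so the TTL behaviour can be tested without sleeping; in production the default time.monotonic is used. A short TTL bounds how long an application keeps using a credential after rotation, and a forced refresh on authentication failure closes the remaining window.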