Difference between revisions of "AWS Secrets Manager"

From wikieduonline
Jump to navigation Jump to search
 
(19 intermediate revisions by the same user not shown)
Line 13: Line 13:
  
 
=== Secret Types ===  
 
=== Secret Types ===  
* [[AWS credentials]]
+
* [[AWS credentials]]: AWS Identity and Access Management ([[IAM]])
* Encryption keys: [[KMS]]
+
* [[Encryption]] keys: [[KMS]]
* SSH keys
+
* [[SSH]] keys
 +
* [[Private keys]] and [[certificates]]
 +
 
 +
=== Automatic Rotation ===
 +
* [[Granular control]]: Define custom rotation schedules (e.g., daily, weekly).
 +
* Integration with [[AWS Lambda]]: Automate tasks during rotation, such as notifying admins or updating dependent systems.
 +
 
 +
=== Fine-grained Access Control ===
 +
* [[IAM policies]]: Define granular permissions for different users and applications(e.g., view only vs. read/write).
 +
* [[Secret versions]]: Maintain a history of past versions.
 +
 
 +
=== Audit and Monitor Secrets Usage ===
 +
* Integration with [[AWS CloudTrail]]: Logs API calls to Secrets Manager, eg: <code>[[GetSecretValue]]</code>
 +
* [[CloudWatch]] integration
  
 
== Related terms ==
 
== Related terms ==
Line 29: Line 42:
 
* Terraform resource: <code>[[aws_secretsmanager_secret_version]]</code>
 
* Terraform resource: <code>[[aws_secretsmanager_secret_version]]</code>
 
* [[Terraform secretsmanager]]
 
* [[Terraform secretsmanager]]
* [[secrets =]]
+
* <code>[[secrets =]]</code>
 +
* [[AWS Lambda]]
  
 
== Activities ==
 
== Activities ==
 
* Read https://aws.amazon.com/secrets-manager/faqs/
 
* Read https://aws.amazon.com/secrets-manager/faqs/
 
* Read Fargate with [[Secret Manager]] https://awscloudsecvirtualevent.com/workshops/module4/fargate/
 
* Read Fargate with [[Secret Manager]] https://awscloudsecvirtualevent.com/workshops/module4/fargate/
* Move hardcoded secrets to AWS Secrets Manager
+
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded.html Move hardcoded secrets to AWS Secrets Manager]
* Move hardcoded database credentials to AWS Secrets Manager
+
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded-db-creds.html Move hardcoded database credentials to AWS Secrets Manager]
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-single.html Set up alternating users rotation for AWS Secrets Manager]
+
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-alternating.html Set up alternating users rotation for AWS Secrets Manager]
 +
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-single.html Set up single user rotation for AWS Secrets Manager]
 +
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_secret.html Create an AWS Secrets Manager secret with AWS CloudFormation]
  
 
== See also ==
 
== See also ==

Latest revision as of 09:25, 17 June 2024

wikipedia:AWS Secrets Manager (April 2018) [1]

Secrets rotation featured:

  • Amazon Aurora on Amazon RDS
  • MySQL on Amazon RDS
  • PostgreSQL on Amazon RDS
  • Oracle on Amazon RDS
  • MariaDB on Amazon RDS
  • Microsoft SQL Server on Amazon RDS


Secret Types[edit]

Automatic Rotation[edit]

  • Granular control: Define custom rotation schedules (e.g., daily, weekly).
  • Integration with AWS Lambda: Automate tasks during rotation, such as notifying admins or updating dependent systems.

Fine-grained Access Control[edit]

  • IAM policies: Define granular permissions for different users and applications(e.g., view only vs. read/write).
  • Secret versions: Maintain a history of past versions.

Audit and Monitor Secrets Usage[edit]

Related terms[edit]

Activities[edit]

See also[edit]

  • https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/
    • Retrieved from "https://www.wikieduonline.com/index.php?title=AWS_Secrets_Manager&oldid=328371"

    Advertising: