Difference between revisions of "AWS Secrets Manager"
Jump to navigation
Jump to search
↑ https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/
(27 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | [[wikipedia:AWS Secrets Manager]] ([[AWS timeline|April 2018]]) <ref>https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/</ref> | + | [[wikipedia:AWS Secrets Manager]] ([[AWS timeline|April 2018]]) <ref>https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/</ref>. https://aws.amazon.com/secrets-manager/ |
− | |||
* [[Free tier]]: 30 days | * [[Free tier]]: 30 days | ||
− | [[ | + | == [[Secret rotation]] == |
* [[Amazon Aurora]] on Amazon RDS | * [[Amazon Aurora]] on Amazon RDS | ||
* [[MySQL]] on Amazon RDS | * [[MySQL]] on Amazon RDS | ||
− | * PostgreSQL on Amazon RDS | + | * [[PostgreSQL]] on Amazon RDS |
− | * Oracle on Amazon RDS | + | * [[Oracle]] on Amazon RDS |
− | * MariaDB on Amazon RDS | + | * [[MariaDB]] on Amazon RDS |
− | * Microsoft SQL Server on Amazon RDS | + | * [[Microsoft SQL Server]] on Amazon RDS |
=== Secret Types === | === Secret Types === | ||
− | * [[AWS credentials]] | + | * [[AWS credentials]]: AWS Identity and Access Management ([[IAM]]) |
− | * Encryption keys: [[KMS]] | + | * [[Encryption]] keys: [[KMS]] |
− | * SSH keys | + | * [[SSH]] keys |
+ | * [[Private keys]] and [[certificates]] | ||
+ | |||
+ | === Automatic Rotation === | ||
+ | * [[Granular control]]: Define custom rotation schedules (e.g., daily, weekly). | ||
+ | * Integration with [[AWS Lambda]]: Automate tasks during rotation, such as notifying admins or updating dependent systems. | ||
+ | |||
+ | === Fine-grained Access Control === | ||
+ | * [[IAM policies]]: Define granular permissions for different users and applications(e.g., view only vs. read/write). | ||
+ | * [[Secret versions]]: Maintain a history of past versions. | ||
+ | |||
+ | === Audit and Monitor Secrets Usage === | ||
+ | * Integration with [[AWS CloudTrail]]: Logs API calls to Secrets Manager, eg: <code>[[GetSecretValue]]</code> | ||
+ | * [[CloudWatch]] integration | ||
== Related terms == | == Related terms == | ||
Line 29: | Line 41: | ||
* Terraform resource: <code>[[aws_secretsmanager_secret_version]]</code> | * Terraform resource: <code>[[aws_secretsmanager_secret_version]]</code> | ||
* [[Terraform secretsmanager]] | * [[Terraform secretsmanager]] | ||
− | * [[secrets =]] | + | * <code>[[secrets =]]</code> |
+ | * [[AWS Lambda]] | ||
+ | * [[AWSSecretsManagerReadWriteAccess managed policy]] | ||
+ | * [[AWS managed policy for AWS Secrets Manager]] | ||
== Activities == | == Activities == | ||
* Read https://aws.amazon.com/secrets-manager/faqs/ | * Read https://aws.amazon.com/secrets-manager/faqs/ | ||
* Read Fargate with [[Secret Manager]] https://awscloudsecvirtualevent.com/workshops/module4/fargate/ | * Read Fargate with [[Secret Manager]] https://awscloudsecvirtualevent.com/workshops/module4/fargate/ | ||
− | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded | + | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded.html Move hardcoded secrets to AWS Secrets Manager] |
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded-db-creds.html Move hardcoded database credentials to AWS Secrets Manager] | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/hardcoded-db-creds.html Move hardcoded database credentials to AWS Secrets Manager] | ||
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-alternating.html Set up alternating users rotation for AWS Secrets Manager] | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-alternating.html Set up alternating users rotation for AWS Secrets Manager] | ||
* [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-single.html Set up single user rotation for AWS Secrets Manager] | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/tutorials_rotation-single.html Set up single user rotation for AWS Secrets Manager] | ||
+ | * [https://docs.aws.amazon.com/secretsmanager/latest/userguide/cfn-example_secret.html Create an AWS Secrets Manager secret with AWS CloudFormation] | ||
+ | * [[Rotate Amazon RDS database credentials automatically with AWS Secrets Manager]] | ||
== See also == | == See also == | ||
* {{aws secretsmanager}} | * {{aws secretsmanager}} | ||
− | * {{Secrets}} | + | * {{AWS Secrets Manager}} |
[[Category:AWS]] | [[Category:AWS]] |
Latest revision as of 20:40, 21 October 2024
wikipedia:AWS Secrets Manager (April 2018) [1]. https://aws.amazon.com/secrets-manager/
- Free tier: 30 days
Contents
Secret rotation[edit]
- Amazon Aurora on Amazon RDS
- MySQL on Amazon RDS
- PostgreSQL on Amazon RDS
- Oracle on Amazon RDS
- MariaDB on Amazon RDS
- Microsoft SQL Server on Amazon RDS
Secret Types[edit]
- AWS credentials: AWS Identity and Access Management (IAM)
- Encryption keys: KMS
- SSH keys
- Private keys and certificates
Automatic Rotation[edit]
- Granular control: Define custom rotation schedules (e.g., daily, weekly).
- Integration with AWS Lambda: Automate tasks during rotation, such as notifying admins or updating dependent systems.
Fine-grained Access Control[edit]
- IAM policies: Define granular permissions for different users and applications(e.g., view only vs. read/write).
- Secret versions: Maintain a history of past versions.
Audit and Monitor Secrets Usage[edit]
- Integration with AWS CloudTrail: Logs API calls to Secrets Manager, eg:
GetSecretValue
- CloudWatch integration
Related terms[edit]
- Private key
- AWS Manage policy:
- AWS Config
- AWS CloudFormation
- AWS Systems Manager Parameter Store (Dec 2016)
- AWS Fargate
- Terraform resource: aws_secretsmanager_secret
- Terraform resource:
aws_secretsmanager_secret_version
- Terraform secretsmanager
secrets =
- AWS Lambda
- AWSSecretsManagerReadWriteAccess managed policy
- AWS managed policy for AWS Secrets Manager
Activities[edit]
- Read https://aws.amazon.com/secrets-manager/faqs/
- Read Fargate with Secret Manager https://awscloudsecvirtualevent.com/workshops/module4/fargate/
- Move hardcoded secrets to AWS Secrets Manager
- Move hardcoded database credentials to AWS Secrets Manager
- Set up alternating users rotation for AWS Secrets Manager
- Set up single user rotation for AWS Secrets Manager
- Create an AWS Secrets Manager secret with AWS CloudFormation
- Rotate Amazon RDS database credentials automatically with AWS Secrets Manager
See also[edit]
- AWS Secrets Manager:
aws secretsmanager
[create-secret | list-secrets
|get-secret-value | get-random-password ], arn:aws:secretmanager
- AWS Secrets Manager, AWSSecretsManagerReadWriteAccess managed policy
Advertising: