Difference between revisions of "AWS Secrets Manager"
Jump to navigation
Jump to search
↑ https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/
| Line 21: | Line 21: | ||
* Granular control: Define custom rotation schedules (e.g., daily, weekly). | * Granular control: Define custom rotation schedules (e.g., daily, weekly). | ||
* Integration with [[Lambda]]: Automate tasks during rotation, such as notifying admins or updating dependent systems. | * Integration with [[Lambda]]: Automate tasks during rotation, such as notifying admins or updating dependent systems. | ||
| + | |||
| + | === Fine-grained Access Control === | ||
| + | * [[IAM policies]]: Define granular permissions for different users and applications(e.g., view only vs. read/write). | ||
| + | * [[Secret versions]]: Maintain a history of past versions. | ||
== Related terms == | == Related terms == | ||
Revision as of 08:58, 17 June 2024
wikipedia:AWS Secrets Manager (April 2018) [1]
- Homepage: https://aws.amazon.com/secrets-manager/
- Free tier: 30 days
Secrets rotation featured:
- Amazon Aurora on Amazon RDS
- MySQL on Amazon RDS
- PostgreSQL on Amazon RDS
- Oracle on Amazon RDS
- MariaDB on Amazon RDS
- Microsoft SQL Server on Amazon RDS
Contents
Secret Types
- AWS credentials: AWS Identity and Access Management (IAM)
- Encryption keys: KMS
- SSH keys
- Private keys and certificates
Automatic Rotation
- Granular control: Define custom rotation schedules (e.g., daily, weekly).
- Integration with Lambda: Automate tasks during rotation, such as notifying admins or updating dependent systems.
Fine-grained Access Control
- IAM policies: Define granular permissions for different users and applications(e.g., view only vs. read/write).
- Secret versions: Maintain a history of past versions.
Related terms
- Private key
- AWS Manage policy:
- AWS Config
- AWS CloudFormation
- AWS Systems Manager Parameter Store (Dec 2016)
- AWS Fargate
- Terraform resource: aws_secretsmanager_secret
- Terraform resource:
aws_secretsmanager_secret_version - Terraform secretsmanager
- secrets =
Activities
- Read https://aws.amazon.com/secrets-manager/faqs/
- Read Fargate with Secret Manager https://awscloudsecvirtualevent.com/workshops/module4/fargate/
- Move hardcoded secrets to AWS Secrets Manager
- Move hardcoded database credentials to AWS Secrets Manager
- Set up alternating users rotation for AWS Secrets Manager
- Set up single user rotation for AWS Secrets Manager
See also
- AWS Secrets Manager:
aws secretsmanager[create-secret | list-secrets|get-secret-value | get-random-password ], arn:aws:secretmanager - Secrets: Kubernetes secrets,
ansible-vault, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager,git-crypt, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts
Advertising:
