AWS Secrets Manager
wikipedia:AWS Secrets Manager (April 2018) [1]
- Homepage: https://aws.amazon.com/secrets-manager/
- Free tier: 30 days
Secrets rotation featured:
- Amazon Aurora on Amazon RDS
- MySQL on Amazon RDS
- PostgreSQL on Amazon RDS
- Oracle on Amazon RDS
- MariaDB on Amazon RDS
- Microsoft SQL Server on Amazon RDS
Contents
Secret Types
- AWS credentials: AWS Identity and Access Management (IAM)
- Encryption keys: KMS
- SSH keys
- Private keys and certificates
Automatic Rotation
- Granular control: Define custom rotation schedules (e.g., daily, weekly).
- Integration with Lambda: Automate tasks during rotation, such as notifying admins or updating dependent systems.
Fine-grained Access Control
- IAM policies: Define granular permissions for different users and applications(e.g., view only vs. read/write).
- Secret versions: Maintain a history of past versions.
Related terms
- Private key
- AWS Manage policy:
- AWS Config
- AWS CloudFormation
- AWS Systems Manager Parameter Store (Dec 2016)
- AWS Fargate
- Terraform resource: aws_secretsmanager_secret
- Terraform resource:
aws_secretsmanager_secret_version
- Terraform secretsmanager
- secrets =
Activities
- Read https://aws.amazon.com/secrets-manager/faqs/
- Read Fargate with Secret Manager https://awscloudsecvirtualevent.com/workshops/module4/fargate/
- Move hardcoded secrets to AWS Secrets Manager
- Move hardcoded database credentials to AWS Secrets Manager
- Set up alternating users rotation for AWS Secrets Manager
- Set up single user rotation for AWS Secrets Manager
See also
- AWS Secrets Manager:
aws secretsmanager
[create-secret | list-secrets
|get-secret-value | get-random-password ], arn:aws:secretmanager
- Secrets: Kubernetes secrets,
ansible-vault
, Hashicorp Vault, AWS Secrets Manager, Google Secret Manager,git-crypt
, SOPS: Secrets OPerationS, Google Cloud Secret Manager, GitHub secret scanning alerts
Advertising: