Secrets Manager

Solution Architect Associate

Developer Associate

Security Specialty

AWS Documentation

• A security service which securely stores, encrypts and rotates your DB credentials and other secrets
• Encryption in transit using KMS
• Store RDS credentials, and other non-RDS credentials
• Can store anything provided you can store it as a key/value pair
• You pay for this service, $.40 / secret / month, $0.05 per 10,000 calls
• Parameter Store is free, but it’s mainly used for non-secret values. You can encrypt pararmeters though.
• IMPORTANT: If you enable automatic rotation, SecretsManager will IMMEDIATELY rotate the secrets once to test the configuration
  • Ensure all of your applications use the credentials in SecretsManager before enabling automatic rotation
  • Do not enable rotation if you are still using embedded credentials

< Previous: Resource Access Manager Next: Shield >