Secret Manager
Overview
What are secrets?
Secret Manager helps you manage, retrieve, or rotate secrets, such as:
application credentials
OAuth tokens
API keys
database credentials (RDS, DocumentDB, Redshift cluster, etc.)
Other types of secret
Type | Service
AWS Credentials | IAM
Encryption keys | AWS Key Management Service
SSH | EC2 Instance Connect
Private keys and certificates | AWS Certificate Manager
Features
Force rotation of secrets
Force rotation after X days
Automate generation of secrets using Lambda
Multi-region secrets
replicate secrets to multiple regions
keep replicated secrets in sync with primary secrets.
Use cases:
In a multi-region app you also need a multi-region secret, so that you can access the app with the same secret.
Encrypted using KMS
Secrets are encrypted using KMS
Best practices
If the data is not a secret, do not use Secret Manager. SM is a paid service: you pay for someone to take care of your secrets, so for data that is not secret it is not worth the money.
Trivia
Get random pass like this
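An added example, not code from the original page: a sketch of the four-step rotation logic a Lambda rotation function runs (createSecret, setSecret, testSecret, finishSecret), with the new password generated through the GetRandomPassword API. It goes beyond the notes above by showing the whole rotation contract. Assumptions: the names `rotate`, `apply_password` and `test_login` are hypothetical, the secret is stored as JSON with a "password" field, and the length of 32 without punctuation is an arbitrary choice.

```python
import json

def _pending(client, arn, token):
    """Return the AWSPENDING secret as a dict, or None if it has no value yet."""
    try:
        raw = client.get_secret_value(SecretId=arn, VersionId=token,
                                      VersionStage="AWSPENDING")
    except client.exceptions.ResourceNotFoundException:
        return None
    return json.loads(raw["SecretString"])

def rotate(client, event, apply_password, test_login):
    """Run one rotation step. `client` is a boto3 'secretsmanager' client;
    apply_password/test_login are hypothetical service-specific callbacks
    (e.g. change the database user's password, then try a connection)."""
    arn, token, step = event["SecretId"], event["ClientRequestToken"], event["Step"]
    stages = client.describe_secret(SecretId=arn)["VersionIdsToStages"]
    if token not in stages:
        raise ValueError("unknown rotation token")
    if "AWSCURRENT" in stages[token]:
        return  # this version is already live; nothing left to do
    if "AWSPENDING" not in stages[token]:
        raise ValueError("version is not staged as AWSPENDING")

    if step == "createSecret":
        if _pending(client, arn, token) is None:  # retry-safe: generate only once
            secret = json.loads(client.get_secret_value(
                SecretId=arn, VersionStage="AWSCURRENT")["SecretString"])
            secret["password"] = client.get_random_password(
                PasswordLength=32, ExcludePunctuation=True)["RandomPassword"]
            client.put_secret_value(SecretId=arn, ClientRequestToken=token,
                                    SecretString=json.dumps(secret),
                                    VersionStages=["AWSPENDING"])
    elif step == "setSecret":
        apply_password(_pending(client, arn, token))
    elif step == "testSecret":
        if not test_login(_pending(client, arn, token)):
            raise RuntimeError("new credential failed verification")
    elif step == "finishSecret":
        # Promote the tested version; the old one stops being AWSCURRENT.
        old = next(v for v, s in stages.items() if "AWSCURRENT" in s)
        client.update_secret_version_stage(
            SecretId=arn, VersionStage="AWSCURRENT",
            MoveToVersionId=token, RemoveFromVersionId=old)
    else:
        raise ValueError(f"unknown step {step!r}")
```

In a Lambda function, the handler would pass `boto3.client("secretsmanager")` and the incoming event to `rotate`; the secret value itself is never logged.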