Secret Manager

Overview

What are secrets?

help you manage, retrieve, or rotate secrets, such as
- application credentials
- OAuth tokens
- API keys
- database credentials (RDS, DocumentDB, Redshift cluster, etc.)

{
  "host"       : "ProdServer-01.databases.example.com",
  "port"       : "8888",
  "username"   : "administrator",
  "password"   : "EXAMPLE-PASSWORD",
  "dbname"     : "MyDatabase",
  "engine"     : "mysql"
}

Other types of secret

Type

Service

AWS Credentials

IAM

Encryption keys

AWS Key management service

SSH

EC2 Instance Connect

Private keys and certificates

AWS Certificate manager

Features

Force rotation of secrets

Force rotation after X days
Automate generate of secret using Lambda

Multi-region secrets

replicate secrets to multiple regions
keep replicated secrets in sync with primary secrets.
Use cases:
- in multi-region app, you also need multi-region secret, so you can access that app with the same secret.

Encrypted using KMS

Secrets are ecrypted using KMS

Best practices

If the data is not a secret, do not use Secret Manager. Because SM is a paid service. You pay money for someone take care of your secrets, so if not -> not worth the money.

Trivia

Get random pass like this

$ aws secretsmanager get-random-password
{
    "RandomPassword": "eiCziBXZUgO6$:il3B,m4W`JFKI4;oGa"
}

PreviousSecurity Hub NextSecret Hub

Last updated 1 year ago