Secrets Manager provides similar features to Systems Manager Parameter Store. It protects secrets (such as passwords, keys, and tokens) required to access other AWS resources
AWS Secrets Manager
Secrets Manager securely stores and rotate your credentials or other secrets.
- Secrets Manager automatically rotates secrets and can generate random secrets.
- Secrets Manager is used for database credentials, passwords, and API keys.
- You can replace hard-coded credentials in your code (including passwords), with an API call to Secrets Manager to retrieve the secret programmatically – encrypted in transit -.
- Secrets Manager applies a new key/password in RDS automatically. You can use Lambda to change the keys for other services.
- Key Rotation is easy.
- Key rotation is done via a Lambda function.
AWS Systems Manager provides the Parameter Store, secure and hierarchical storage.
- You can store passwords, database connection strings, and AMI Ids as plain text or encrypted data.
- No key rotation.
- It is free of charge but limited to 10,000 parameters. (Standard Tier)
Parameter Store vs. Secrets Manager
- Both services can be accessible in CloudFormation.
|Secrets Manager||Parameter Store|
* specifically for confidential information
|Use Cases: |
* passwords, host names, product keys, or other configuration variables
|It offers the ability to rotate the secrets||No rotation|
|It allows cross-account access. Secrets can be access from another AWS account with a proper role.|