[AWS] Secrets Manager

Secrets Manager provides similar features to Systems Manager Parameter Store. It protects secrets (such as passwords, keys, and tokens) required to access other AWS resources

AWS Secrets Manager

  • Secrets Manager automatically rotates secrets and can generate random secrets.
  • Secrets Manager is used for database credentials, passwords, and API keys. You can replace hardcoded credentials in your code (including passwords), with an API call to Secrets Manager to retrieve the secret programmatically.
  • Secrets Manager applies a new key/password in RDS automatically. You can use Lambda to change the keys for other services.

Parameter Store vs. Secrets Manager

  • Parameter Store is for various use cases, such as passwords, hostnames, product keys, or other configuration variables. Secrets Manager is specifically for confidential information and provides a built-in password generator.
  • Both services can be accessible in CloudFormation.
  • Secrets Manager offers the ability to rotate the secrets.
  • Secrets Manager allows cross-account access. Secrets can be access from another AWS account with a proper role.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s