Secrets Manager provides features similar to Systems Manager Parameter Store. It protects secrets (such as passwords, keys, and tokens) required to access other AWS resources.
AWS Secrets Manager
- Secrets Manager automatically rotates secrets and can generate random secrets.
- Secrets Manager is used for database credentials, passwords, and API keys. You can replace hardcoded credentials (including passwords) in your code with an API call to Secrets Manager that retrieves the secret programmatically.
- Secrets Manager applies a new key/password in RDS automatically. You can use Lambda to change the keys for other services.
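
The retrieval pattern from the list above, as an added example that is not from the original notes: a small cache around the `GetSecretValue` call (boto3's `get_secret_value`) with a short TTL, so a rotated secret is picked up without redeploying. `SecretCache`, `StubClient`, the secret name `prod/db` and its values are hypothetical and constructed for an offline run; in real use, pass `boto3.client("secretsmanager")` as `client`.

```python
import json
import time


class SecretCache:
    """Fetch secrets via get_secret_value(SecretId=...) and cache them briefly.

    `client` is any object exposing that method, e.g. boto3's Secrets Manager
    client. Values are never logged or written to disk here.
    """

    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self._client = client
        self._ttl = ttl_seconds
        self._clock = clock
        self._cache = {}  # secret id -> (expiry time, value)

    def get(self, secret_id, force_refresh=False):
        entry = self._cache.get(secret_id)
        if entry and not force_refresh and entry[0] > self._clock():
            return entry[1]
        resp = self._client.get_secret_value(SecretId=secret_id)
        if "SecretString" in resp:
            value = resp["SecretString"]
            try:
                parsed = json.loads(value)  # key/value secrets are JSON objects
                value = parsed if isinstance(parsed, dict) else value
            except ValueError:
                pass  # plain-text secret, keep the raw string
        else:
            value = resp["SecretBinary"]  # binary secrets come back as bytes
        self._cache[secret_id] = (self._clock() + self._ttl, value)
        return value


class StubClient:
    """Constructed stand-in for the real client so the example runs offline."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"Name": SecretId, "SecretString": self.secrets[SecretId]}


def demo():
    stub = StubClient({"prod/db": json.dumps({"username": "app", "password": "old-pw"})})
    cache = SecretCache(stub, ttl_seconds=60)
    first = cache.get("prod/db")["password"]
    stub.secrets["prod/db"] = json.dumps({"username": "app", "password": "new-pw"})  # simulated rotation
    cached = cache.get("prod/db")["password"]  # still served from cache
    refreshed = cache.get("prod/db", force_refresh=True)["password"]  # e.g. after an auth failure
    return first, cached, refreshed, stub.calls
```

Calling `get(..., force_refresh=True)` after a failed login is how an application recovers when a rotation happens inside the TTL window.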
Parameter Store vs. Secrets Manager
- Parameter Store is for various use cases, such as passwords, hostnames, product keys, or other configuration variables. Secrets Manager is specifically for confidential information and provides a built-in password generator.
- Both services can be accessed from CloudFormation.
- Secrets Manager offers the ability to rotate the secrets.
- Secrets Manager allows cross-account access. Secrets can be accessed from another AWS account with a proper role.