[AWS] Secrets Manager

Secrets Manager provides features similar to Systems Manager Parameter Store. It protects the secrets (such as passwords, keys, and tokens) required to access other AWS resources.

AWS Secrets Manager

Secrets Manager securely stores and rotates your credentials and other secrets.

  • Secrets Manager automatically rotates secrets and can generate random secrets.
  • Secrets Manager is used for database credentials, passwords, and API keys.
    • You can replace hard-coded credentials in your code (including passwords) with an API call to Secrets Manager that retrieves the secret programmatically, encrypted in transit.
  • Secrets Manager applies a new key/password to RDS automatically. For other services, you can use a Lambda function to change the keys.
  • Key rotation is easy.
    • Key rotation is performed by a Lambda function.
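
The pattern from the bullets above, fetching the credential at run time instead of hard-coding it and refreshing it once rotation has replaced it, as an added example that is not code from the original post. It assumes a boto3 Secrets Manager client is passed in (a fake with the same get_secret_value signature works offline) and that the secret is the JSON Secrets Manager writes for an RDS secret (username, password, host, port, dbname).

```python
import json
import time

# Assumption (added example, not the post's code): a boto3 "secretsmanager"
# client, or a fake with the same get_secret_value signature, is passed in.


def parse_secret_value(resp):
    """GetSecretValue returns SecretString (JSON or plain text) or SecretBinary (bytes)."""
    if "SecretString" in resp:
        raw = resp["SecretString"]
        try:
            return json.loads(raw)
        except json.JSONDecodeError:
            return raw                  # plain-text secret, e.g. a single API key
    return resp["SecretBinary"]         # boto3 already base64-decodes blob fields


def rds_connection_kwargs(secret):
    """Map the JSON Secrets Manager writes for an RDS secret onto DB driver arguments."""
    return {
        "host": secret["host"],
        "port": int(secret["port"]),
        "user": secret["username"],
        "password": secret["password"],
        "database": secret.get("dbname"),
    }


class SecretCache:
    """TTL cache so that not every request calls GetSecretValue."""

    def __init__(self, client, ttl_seconds=300):
        self._client = client           # boto3 secretsmanager client (or a fake)
        self._ttl = ttl_seconds
        self._entries = {}              # secret_id -> (expires_at, parsed value)

    def get(self, secret_id, force_refresh=False):
        """Return the parsed secret. Use force_refresh=True after a failed login:
        once rotation has run, a cached password is stale until the TTL expires."""
        now = time.time()
        entry = self._entries.get(secret_id)
        if entry is not None and not force_refresh and entry[0] > now:
            return entry[1]
        # AWSCURRENT is the stage rotation promotes once its finishSecret step succeeds.
        resp = self._client.get_secret_value(SecretId=secret_id, VersionStage="AWSCURRENT")
        value = parse_secret_value(resp)
        self._entries[secret_id] = (now + self._ttl, value)
        return value
```

On an authentication failure, call get(secret_id, force_refresh=True) and retry the connection once; if it still fails, the problem is not a stale cache.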

Parameter Store

AWS Systems Manager provides Parameter Store, a secure, hierarchical storage service.

  • You can store passwords, database connection strings, and AMI IDs as plain text or encrypted data.
  • No key rotation.
  • It is free of charge but limited to 10,000 parameters (Standard tier).

Parameter Store vs. Secrets Manager

  • Both services can be referenced from CloudFormation.
  • Secrets Manager
    • Use cases: specifically for confidential information
    • Offers the ability to rotate the secrets
    • Allows cross-account access: secrets can be accessed from another AWS account with a proper role
  • Parameter Store
    • Use cases: passwords, host names, product keys, or other configuration variables
    • No rotation
