[AWS] Secrets Manager

Secrets Manager provides features similar to Systems Manager Parameter Store. It protects the secrets (such as passwords, keys, and tokens) required to access other AWS resources.

AWS Secrets Manager

Secrets Manager securely stores and rotates your credentials or other secrets.

  • Secrets Manager automatically rotates secrets and can generate random secrets.
  • Secrets Manager is used for database credentials, passwords, and API keys.
    • You can replace hard-coded credentials in your code (including passwords) with an API call to Secrets Manager that retrieves the secret programmatically; the secret is encrypted in transit.
  • Secrets Manager applies a new key/password in RDS automatically. For other services, you can use a Lambda function to change the keys.
  • Key rotation is easy.
    • As soon as key rotation is enabled, Secrets Manager immediately rotates the secret, so anything still using the old secret value will break.
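The two points above (replacing hard-coded credentials with a runtime lookup, and the breakage caused by rotation) as an added example that is not part of the original post. It uses a constructed stub in place of boto3.client("secretsmanager") so it runs offline; the secret names and values are made-up placeholders.

```python
import json
import time

# Constructed stand-in for the boto3 secretsmanager client (offline demo only).
class StubSecretsManagerClient:
    def __init__(self):
        self.calls = 0
        self.secrets = {  # secret names and values are made-up placeholders
            "prod/app/db": {"SecretString": json.dumps(
                {"username": "app", "password": "s3cr3t-v1", "host": "db.internal"})},
            "prod/app/signing-key": {"SecretBinary": b"\x00\x01\x02\x03"},
        }

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        self.calls += 1  # mimics boto3's response shape; SecretBinary arrives as bytes
        return dict(self.secrets[SecretId], Name=SecretId, VersionStages=[VersionStage])

    def simulate_rotation(self, secret_id, **new_fields):
        # Test helper acting as the rotation function: writes a new AWSCURRENT value.
        current = json.loads(self.secrets[secret_id]["SecretString"])
        self.secrets[secret_id]["SecretString"] = json.dumps({**current, **new_fields})

class SecretCache:
    """Resolve secrets at runtime instead of hard-coding them. A TTL plus an explicit
    refresh lets callers pick up a rotated value; a stale cached copy is what breaks."""

    def __init__(self, client, ttl_seconds=300):
        self.client, self.ttl, self._cache = client, ttl_seconds, {}

    def get(self, secret_id, refresh=False):
        now = time.monotonic()
        hit = self._cache.get(secret_id)
        if hit and not refresh and hit[0] > now:
            return hit[1]
        resp = self.client.get_secret_value(SecretId=secret_id)
        if "SecretString" in resp:
            try:
                value = json.loads(resp["SecretString"])  # key/value secret (RDS style)
            except ValueError:
                value = resp["SecretString"]              # plain-string secret
        else:
            value = resp["SecretBinary"]                  # binary secret, as bytes
        self._cache[secret_id] = (now + self.ttl, value)
        return value

def db_connection_params(cache):
    """Replaces a hard-coded password constant in code with a runtime lookup."""
    creds = cache.get("prod/app/db")
    return {"host": creds["host"], "user": creds["username"], "password": creds["password"]}
```

In production, pass a real boto3 client and re-fetch with refresh=True when the database rejects the cached credentials, which is exactly what happens after a rotation.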

Parameter Store

AWS Systems Manager provides Parameter Store, a secure, hierarchical storage service.

  • You can store passwords, database connection strings, and AMI IDs as plain text or encrypted data.
  • No key rotation.
  • It is free of charge but limited to 10,000 parameters.

Parameter Store vs. Secrets Manager

  • Both services can be referenced from CloudFormation.
  • Secrets Manager
    • Use cases: specifically for confidential information.
    • Offers the ability to rotate secrets.
    • Allows cross-account access: secrets can be accessed from another AWS account with a proper role.
  • Parameter Store
    • Use cases: passwords, host names, product keys, or other configuration variables.
    • No rotation.
