• Used to manage secrets.
  • Secrets can be
    • database credentials
    • passwords
    • third-party API keys
  • store and control access to these secrets centrally
  • Managed through
    • Secrets Manager console
    • the Secrets Manager command line interface (CLI)
    • Secrets Manager API and SDKs.
  • Replace hardcoded credentials in code (including passwords) with an API call to Secrets Manager
  • the secret is then not compromised by someone examining the code
  • can also automatically rotate the secret on a schedule
  • Secret – set of credentials (user name and password) and the connection details to access a secured service.
  • Rotation – process where you periodically change the secret to make it more difficult for an attacker to access the secured service.
  • Version – Multiple versions of a secret exist to support rotation of a secret.
  • Staging Label – To identify different versions of a secret during rotation.

Structure of a Secrets Manager Secret

  • Metadata – Details about the secret
    • name of the secret
    • a description
    • Amazon Resource Name (ARN)
    • the ARN of the KMS key that Secrets Manager uses to encrypt and decrypt the protected text in the secret
    • information about how frequently the secret is automatically rotated
    • a user-provided set of tags
  • Versions – A collection of one or more versions of the encrypted secret text
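The "replace hardcoded credentials with an API call" point and the version/staging-label structure above, as an added Python example (not from the original notes or from AWS): the client is a constructed offline stand-in for boto3's `secretsmanager` client with the same `get_secret_value` call shape, and the secret id, JSON field names and sample values are assumptions.

```python
import json
from dataclasses import dataclass, field

# Before: the pattern the notes warn about. Anyone who can read the source
# (or the repository history) learns the password. Constructed sample values.
DB_CONFIG_HARDCODED = {"username": "app", "password": "s3cret-in-git",
                       "host": "db.example.internal"}


@dataclass
class FakeSecretsManager:
    """Constructed stand-in for boto3.client("secretsmanager") so this runs offline.
    Each version id maps to (staging labels, secret string)."""
    versions: dict = field(default_factory=dict)

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        # Real Secrets Manager resolves a VersionStage label to exactly one version.
        for version_id, (labels, secret_string) in self.versions.items():
            if VersionStage in labels:
                return {"Name": SecretId, "VersionId": version_id,
                        "VersionStages": labels, "SecretString": secret_string}
        raise LookupError(f"no version of {SecretId} carries stage {VersionStage}")


def load_db_credentials(client, secret_id, stage="AWSCURRENT"):
    """After: fetch the secret at runtime instead of embedding it.
    `client` is any object exposing get_secret_value with the boto3 signature;
    in production pass boto3.client("secretsmanager")."""
    resp = client.get_secret_value(SecretId=secret_id, VersionStage=stage)
    if "SecretString" not in resp:
        raise ValueError("expected a JSON SecretString, got a binary secret")
    creds = json.loads(resp["SecretString"])
    missing = {"username", "password", "host"} - creds.keys()
    if missing:
        raise ValueError(f"secret is missing keys: {sorted(missing)}")
    return creds


def demo_client():
    # Constructed state mid-rotation: AWSCURRENT is what applications read,
    # AWSPENDING holds the new password that has not been cut over yet.
    return FakeSecretsManager(versions={
        "v1": (["AWSCURRENT"], json.dumps({"username": "app", "password": "old-pass",
                                           "host": "db.example.internal"})),
        "v2": (["AWSPENDING"], json.dumps({"username": "app", "password": "new-pass",
                                           "host": "db.example.internal"})),
    })


if __name__ == "__main__":
    creds = load_db_credentials(demo_client(), "prod/app/db")  # secret id is assumed
    print("connecting as", creds["username"], "to", creds["host"])  # password never in source
```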