1. Knowledge base
  3. Amazon Web Services
  5. AWS Secrets Manager

AWS Secrets Manager

AWS Secrets Manager - is a service that allows you to easily and securely manage access to confidential data such as passwords, API keys, database credentials, and other secrets. It helps store, manage, and rotate secrets, reducing the risk of data leaks and improving application security.

Key definitions for AWS Secrets Manager:

  • Encryption of Secrets

    All secrets are encrypted using AWS KMS (Key Management Service), ensuring a high level of security. Data is encrypted both at rest and in transit.

  • Automatic Rotation of Secrets

    The service allows configuring automatic rotation for different types of secrets, such as database credentials. This significantly reduces the risk of secret compromise.

  • Integration with AWS IAM

    AWS Secrets Manager easily integrates with AWS IAM, allowing you to control access to secrets. This ensures a high level of control and allows specifying who has access to which secrets.

  • Logging and Monitoring

    Using AWS CloudTrail allows tracking all actions related to secrets, ensuring transparency and control. All operations with secrets can be viewed in the form of logs.

  • API Access to Secrets

    Access to secrets can be obtained via AWS SDK or CLI, making integration with applications simple and efficient. This allows you to use secrets in your code without manually entering them.

  • Version Recovery of Secrets

    The ability to store multiple versions of secrets and quickly restore to previous versions if necessary.

  • Centralized Management

    The service allows centralized management of secrets, making administration and access control easier.

  • Integration with Applications

    AWS Secrets Manager easily integrates with various applications and services, allowing process automation and increased operational efficiency.

Service integrates with:

Usage use cases

  • Database Access Management.

    Storing database passwords and automatically rotating them. For example, you can automatically change passwords for MySQL or PostgreSQL databases.

  • API Keys and Access Management.

    Storing and managing API keys for various services. This ensures secure access to APIs and allows centralized management of keys.

  • DevOps Integration.

    Using secrets in CI/CD pipelines to ensure deployment security. For example, you can store GitHub access tokens in Secrets Manager and use them in your pipelines.

  • Confidential Application Data.

    Storing confidential configuration data such as OAuth tokens, certificates, etc. This ensures the security of data needed for application operation and allows centralized management.

  • Secrets for Services and Microservices.

    Storing secrets for various services and microservices running in your infrastructure. This allows ensuring the security and centralized management of confidential data.

FAQ for AWS Secrets Manager

  • What is AWS Secrets Manager?

    It is a service for securely storing, managing, and rotating confidential data such as passwords, API keys, and other secrets.

  • What are the main features of AWS Secrets Manager?

    Encryption of secrets, automatic rotation, integration with AWS IAM, logging, and API access to secrets.

  • How is the security of secrets ensured in AWS Secrets Manager?

    All secrets are encrypted using AWS KMS, and access to them is controlled via AWS IAM.