Introduction to AWS Secrets Manager
AWS Secrets Manager offers a secure, centralized way to manage and rotate application secrets.
AWS Secrets Manager manages application secrets, including API keys, database passwords, and SSH keys. It can store anything representable as a key-value pair within a document.
Applications retrieve secrets by making API calls to Secrets Manager.
A key feature of Secrets Manager is automatic secret rotation, which enhances security posture and compliance. This allows credentials to be rotated securely without requiring modifications to application code.
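An added example, not from the original page or from AWS: one way an application can fetch a secret by name at runtime and cache it briefly, so that a rotated credential is picked up without a code change. `SecretCache`, `connect_with_retry` and `StubSecretsClient` are hypothetical names; in production the client would be `boto3.client("secretsmanager")`, whose `get_secret_value(SecretId=...)` call the stub mimics.

```python
import json
import time


class SecretCache:
    """Fetch a secret by name at runtime and cache it briefly, so a rotated
    value is picked up without changing or redeploying application code."""

    def __init__(self, client, secret_id, ttl_seconds=300, clock=time.monotonic):
        self._client = client          # any object exposing get_secret_value()
        self._secret_id = secret_id
        self._ttl = ttl_seconds
        self._clock = clock
        self._value = None
        self._fetched_at = None

    def get(self, force_refresh=False):
        expired = (self._fetched_at is None
                   or self._clock() - self._fetched_at >= self._ttl)
        if force_refresh or expired:
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            # Secrets holding key-value pairs arrive as a JSON document.
            self._value = json.loads(resp["SecretString"])
            self._fetched_at = self._clock()
        return self._value


def connect_with_retry(cache, connect):
    """Try the cached credentials; on an auth failure, refetch once in case
    the secret was rotated after it was cached."""
    try:
        return connect(cache.get())
    except PermissionError:
        return connect(cache.get(force_refresh=True))


class StubSecretsClient:
    """Constructed stand-in for boto3.client("secretsmanager"), offline only."""

    def __init__(self, password):
        self.password = password
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        doc = {"username": "app_user", "password": self.password}
        return {"Name": SecretId, "SecretString": json.dumps(doc)}
```

The cache keeps the number of API calls low, and the single forced refresh on an authentication failure covers the window in which a cached value has just been rotated out.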
Secrets Manager integrates with Amazon Relational Database Service (RDS) to provide secure credential storage and automatic rotation for RDS databases. RDS can generate master passwords and store them encrypted in Secrets Manager (using KMS keys), while IAM controls access to these credentials. Secrets Manager supports automatic credential rotation, with a default rotation period of every 7 days; the period is flexible.
Technical Specs: Default credential rotation: every 7 days, flexible