Posted On: Nov 15, 2018
AWS Secrets Manager makes it easier to follow the security best practice of using short-term secrets by rotating secrets safely on a schedule that you determine. For example, you can configure Secrets Manager to rotate a database credential daily, turning a typical, long-term secret in to a short-term secret that is rotated automatically. Now, Secrets Manager makes it easier for you to manage and rotate secrets by introducing three enhancements to the Secrets Manager console. First, you can tag secrets from the console. Second, you can give the rotation Lambda function a custom name. Finally, you can use existing Lambda functions to rotate new secrets.
Tag secrets from the console: You can tag secrets from the Secrets Manager console, enabling you to group and manage secrets easily. For example, you can tag secrets used by an application as “MyApplication” and then write an IAM policy to grant permissions to retrieve all secrets required to operate the application.
Give the rotation Lambda function a custom name: Secrets Manager creates a Lambda function automatically to rotate your secret. Now you can give the function a custom name, enabling you to easily identify and manage the Lambda functions used to rotate secrets in your AWS account.
Use an existing rotation Lambda function to rotate secrets: To configure secret rotation, you can now use an existing rotation Lambda function in your account, enabling you to reuse existing functions for similar secret types.
Secrets Manager helps you create and protect secrets needed to access your applications and IT resources. Secrets Manager is available in the AWS US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Mumbai), and South America (São Paulo) regions. Learn more.