Posted On: Feb 2, 2023

Today, AWS AppConfig announces integrations with AWS Secrets Manager and AWS Key Management Service (AWS KMS), providing customers with additional configuration sources and encryption capabilities. In addition to its own AWS AppConfig Hosted Configuration store, AWS AppConfig already integrates with Amazon Simple Storage Service (Amazon S3), AWS CodePipeline, AWS Systems Manager Parameter Store, and AWS Systems Manager Documents as data sources. Now customers can use Secrets Manager as a single source to safely and securely deploy sensitive data. All sensitive data retrieved from Secrets Manager via AWS AppConfig can be encrypted at deployment time using an AWS KMS Customer Managed Key (CMK). In addition, AWS AppConfig now offers support for CMK encryption for other configuration data. The integration with AWS KMS enables support for Amazon S3 objects encrypted with a customer managed key or secure strings from AWS Systems Manager Parameter Store encrypted with a customer managed key. 

Using AWS AppConfig to manage runtime configuration, customers can change the way an application behaves without deploying new code. This practice is useful for enabling new features using feature flags, as well as updating sensitive configuration data such as database passwords, API keys, tokens, and more. Previously, customers had to separately manage non-sensitive data in AWS AppConfig and sensitive data in Secrets Manager. With these integrations, customers now have a comprehensive method for retrieving all of the configuration data that their application needs.

AWS AppConfig’s integration with Secrets Manager and AWS KMS is available in all commercial and AWS GovCloud (US) Regions. To get started, use the AWS AppConfig Getting Started Guide or our AWS AppConfig documentation.