AWS Security Blog
Tag: AWS Secrets Manager
How to use the AWS Workload Credentials Provider for cross-account secret retrieval and prefetching secrets
If you manage secrets across multiple AWS accounts or need faster secret access for latency-sensitive applications, this post shows you how to meet those requirements using two new features of the AWS Workload Credentials Provider (provider). You will learn how to configure role chaining for cross-account secret retrieval and prefetching of secrets to reduce cold-start […]
Security posture improvement in the AI era
It’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other leading organizations. This has generated a lot of discussion about the future of cybersecurity and what the ever-increasing capabilities of foundation models mean to organizations. As AWS CISO Amy Herzog pointed out in […]
How to use the Secrets Store CSI Driver provider Amazon EKS add-on with Secrets Manager
In this post, we introduce the AWS provider for the Secrets Store CSI Driver, a new AWS Secrets Manager add-on for Amazon Elastic Kubernetes Service (Amazon EKS) that you can use to fetch secrets from Secrets Manager and parameters from AWS Systems Manager Parameter Store and mount them as files in Kubernetes pods. The add-on […]
How to use the new AWS Secrets Manager Cost Allocation Tags feature
AWS Secrets Manager is a service that you can use to manage, retrieve, and rotate database credentials, application credentials, API keys, and other secrets throughout their lifecycles. You can use Secrets Manager to replace hard-coded credentials in application source code with a runtime call to the Secrets Manager service to retrieve credentials dynamically when you […]
ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager
Amazon Web Services (AWS) is excited to announce that the latest hybrid post-quantum key agreement standards for TLS have been deployed to three AWS services. Today, AWS Key Management Service (AWS KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager endpoints now support Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) for hybrid post-quantum key agreement in non-FIPS endpoints […]
Announcing ASCP integration with Pod Identity: Enhanced security for secrets management in Amazon EKS
In 2021, Amazon Web Services (AWS) introduced the AWS Secrets and Configuration Provider (ASCP) for the Kubernetes Secrets Store Container Storage Interface (CSI) Driver, offering a reliable way to manage secrets in Amazon Elastic Kubernetes Service (Amazon EKS). Today, we’re excited to announce the integration of ASCP with Pod Identity, the new standard for AWS […]
Introducing an enhanced version of the AWS Secrets Manager transform: AWS::SecretsManager-2024-09-16
We’re pleased to announce an enhanced version of the AWS Secrets Manager transform: AWS::SecretsManager-2024-09-16. This update is designed to simplify infrastructure management by reducing the need for manual security updates, bug fixes, and runtime upgrades. AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles. Some AWS services […]
Making sense of secrets management on Amazon EKS for regulated institutions
Amazon Web Services (AWS) customers operating in a regulated industry, such as the financial services industry (FSI) or healthcare, are required to meet their regulatory and compliance obligations, such as the Payment Card Industry Data Security Standard (PCI DSS) or Health Insurance Portability and Accountability Act (HIPPA). AWS offers regulated customers tools, guidance and third-party audit reports […]
How to centrally manage secrets with AWS Secrets Manager
July 1, 2026: This post was updated to add IPv6 support for Secrets Manager service endpoints by using an egress-only internet gateway. In today’s digital landscape, managing secrets, such as passwords, API keys, tokens, and other credentials, has become a critical task for organizations. For some Amazon Web Services (AWS) customers, centralized management of secrets […]
How to use the AWS Workload Credentials Provider
June 12, 2026: This post has been updated to reflect the name change from Secrets Manager Agent to Workload Credentials Provider. September 18, 2024: This post has been updated to include instructions for building the Workload Credentials Provider. AWS Secrets Manager is a service that helps you manage, retrieve, and rotate database credentials, application credentials, […]







