AWS Secrets Manager now enables you to attach resource-based policies to secrets from the AWS Secrets Manager console and uses Zelkova to validate these policies
The AWS Secrets Manager console now supports attaching resource-based policies to your secrets, enabling you to access secrets across AWS accounts securely and easily. The Secrets Manager console also uses Zelkova, an automated reasoning engine, to validate and block automatically policies that may grant broad access to your secrets across AWS accounts. This integration further raises the security bar for your organization and makes it easier to follow the security best practice of granting least privilege access.
AWS Secrets Manager enables you to retrieve and manage secrets such as database credentials and API keys throughout their lifecycle. AWS Secrets Manager also makes it easier to follow the security best practice of using short-term secrets by rotating secrets safely on a schedule that you determine. For example, you can configure Secrets Manager to rotate a database credential daily, turning a typical, long-term secret in to a short-term secret that is rotated automatically. For a list of regions where Secrets Manager is available, see the AWS Region table.
To learn more about resource-based policies to manage your secrets, visit the documentation. To learn how you can use AWS Secrets Manager console to attach resource-based policies to your secrets visit our blog: How to manage resource-based policies for your secrets using the AWS Secrets Manager console.