AWS Secrets Manager
Easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB. Also, the service is extensible to other types of secrets, including API keys and OAuth tokens. In addition, Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises.
Rotate secrets safely
AWS Secrets Manager helps you meet your security and compliance requirements by enabling you to rotate secrets safely without the need for code deployments. For example, Secrets Manager offers built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB and rotates these database credentials on your behalf automatically. You can customize Lambda functions to extend Secrets Manager rotation to other secret types, such as API keys and OAuth tokens. Retrieving the secret from Secrets Manager ensures that developers and applications are using the latest version of your secrets.
Manage access with fine-grained policies
With Secrets Manager, you can manage access to secrets using fine-grained AWS Identity and Access Management (IAM) policies and resource-based policies. For example, you can create a policy that enables developers to retrieve certain secrets only when they are used for the development environment. The same policy could enable developers to retrieve passwords used in the production environment only if their requests are coming from within the corporate IT network. For the database administrator, a policy can be built to allow the database administrator to manage all database credentials and permission to read the SSH keys required to perform OS-level changes to the particular instance hosting the database.
Secure and audit secrets centrally
Using Secrets Manager, you can help secure secrets by encrypting them with encryption keys that you manage using AWS Key Management Service (KMS). It also integrates with AWS’ logging and monitoring services for centralized auditing. For example, you can audit AWS CloudTrail logs to see when Secrets Manager rotates a secret or configure AWS CloudWatch Events to notify you when an administrator deletes a secret.
Pay as you go
Secrets Manager offers pay as you go pricing. You pay for the number of secrets managed in Secrets Manager and the number of Secrets Manager API calls made. Using Secrets Manager, you can enable a highly available secrets management service without the upfront investment and on-going maintenance costs of operating your own infrastructure.
Autodesk makes software for people who make things. If you’ve ever driven a high-performance car, admired a towering skyscraper, used a smartphone, or watched a great film, chances are you’ve experienced what millions of Autodesk customers are doing with our software. Modern analytics are fundamental for a lot of what we do at Autodesk, and ensuring the security of that vital data is incredibly important. Using AWS Secrets Manager, we are able to securely deliver database credentials digitally into our analytics pipelines, which really elevated the security without sacrificing speed and were able to deliver meaningful insights to our customers.
- Sai Chaitanya Tirumerla, Senior Software Engineer, Autodesk
Stackery runs a service to enable customers to stitch together AWS services in order to build production-ready, serverless applications quickly. Our service uses and offers AWS Secrets Manager to manage all the confidential data that these applications need to operate securely. We chose Secrets Manager because it stores secrets securely with fine-grained access policies, auto-scales to handle traffic spikes, and is straightforward to query at runtime. Secrets Manager not only positions us to raise our security profile, it also makes security simple for our customers – which is how we like to do business.
- Chase Douglas, CTO, Stackery
Blog posts & articles
No items returned.
Learn more about the features to rotate, manage, and retrieve secrets through their lifecycle.
Instantly get access to the AWS Free Tier.
Get started building with AWS Secrets Manager in the AWS Console.