Single Blog

Blog The Analysis
_ _ Maria Grazia_ 0 Comments

Secrets Manager, the AWS keyholder service

The
Amazon Web Services
 service that allows you to easily modify and manage the use of database credentials, API keys and other secret keys.

Users have the ability to retrieve a “secret key” by calling the Secrets Manager APIs, without having to store highly confidential information in plain text.
The service is also integrated with
Amazon RDS
,
Amazon Redshift
 , and
Amazon DocumentDB
 that allow for secret key changes through AWS service integration.
Security is another advantage of Secrets Manager, as it provides access control to secrets through granular permissions and allows you to perform change audits for resources in the AWS Cloud, third-party services, and on-premises.

AWS Secrets Manager allows you to replace code-hardened credentials by using an API call to Secrets Manager to retrieve the secret programmatically. With this approach, Secrets Manager assures users that the secret is not directly compromised by the person examining the code, precisely because the secret is no longer present. In addition, AWS allows customers to configure Secrets Manager to automatically rotate the secret on a specific schedule as well.

Why choose Secrets Manager?

AWS Secrets Manager provides secure secret key modification and helps you meet compliance and security requirements by allowing you to securely apply secret rotation without having to deploy code.

Read more about AWS compliance

Another advantage, given by
the worldwide infrastructure network of Amazon web Services
, is that Secrets Manager also allows you to easily replicate secret keys in multiple Regions to support multi-Region applications and Disaster Recovery scenarios. The multi-region secrets feature avoids the complexity of replicating and managing secrets across regions because it allows you to easily access and read secrets where you need them.

Disaster Recovery. How much is a "contingency" plan worth?

Secrets Manager allows you to manage access to secrets using AWS Identity and Access Management (IAM)

policies and resource-based policies. Specifically, you can create a policy that allows developers to use certain secrets only for the development environment. At the same time, the policy could allow developers to use passwords used in production only if their requests come from the internal IT network.
In addition, it is also possible to create policies for database administrators that allow them to manage all the database credentials and SSH key read permissions needed to perform operating system-level changes on the specific instance where the database is hosted.

With Secrets Manager, you can protect your secrets by encrypting them using keys that are managed with AWS Key Management Service (KMS).

In addition, the service integrates with other AWS access and monitoring services to enable centralized audits.

Want to learn more about the power of AWS services?

Talk to an Expert

1

Author

Maria Grazia

Leave a comment

Your email address will not be published. Required fields are marked *

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.