{"id":39868,"date":"2021-09-30T17:13:49","date_gmt":"2021-09-30T17:13:49","guid":{"rendered":"https:\/\/www.vmengine.net\/2021\/09\/30\/secrets-manager-the-aws-keyholder-service\/"},"modified":"2025-05-23T17:32:15","modified_gmt":"2025-05-23T17:32:15","slug":"secrets-manager-the-aws-keyholder-service","status":"publish","type":"post","link":"http:\/\/temp_new.vmenginelab.com\/en\/2021\/09\/30\/secrets-manager-the-aws-keyholder-service\/","title":{"rendered":"Secrets Manager, the AWS keyholder service"},"content":{"rendered":"<div class=\"et_pb_section et_pb_section_358 et_section_regular\" >\n<div class=\"et_pb_row et_pb_row_456\">\n<div class=\"et_pb_column et_pb_column_4_4 et_pb_column_462  et_pb_css_mix_blend_mode_passthrough et-last-child\">\n<div class=\"et_pb_module et_pb_text et_pb_text_1526  et_pb_text_align_left et_pb_bg_layout_light\">\n<div class=\"et_pb_text_inner\">\n<p><em>The <a href=\"https:\/\/aws.amazon.com\/it\/\"><br \/>\n  <strong>Amazon Web Services<\/strong><br \/>\n<\/a> service that allows you to easily <strong>modify<\/strong> and <strong>manage<\/strong> <strong>the use of database credentials<\/strong>, <strong>API keys<\/strong> and other secret keys.<\/em><\/p>\n<p>Users have the ability to retrieve a &#8220;<strong>secret key<\/strong>&#8221; by calling the <strong>Secrets Manager APIs<\/strong>, without having to store highly confidential information in plain text.<br \/>The service is also integrated with <a href=\"https:\/\/aws.amazon.com\/it\/rds\/\"><br \/>\n  <strong>Amazon RDS<\/strong><br \/>\n<\/a>, <a href=\"https:\/\/aws.amazon.com\/it\/redshift\/?whats-new-cards.sort-by=item.additionalFields.postDateTime&amp;whats-new-cards.sort-order=desc\"><br \/>\n  <strong>Amazon Redshift<\/strong><br \/>\n<\/a> , and <a href=\"https:\/\/aws.amazon.com\/it\/documentdb\/\"><br \/>\n  <strong>Amazon DocumentDB<\/strong><br \/>\n<\/a> that allow for secret key changes through AWS <strong>service integration.<\/strong><br 
\/><strong>Security<\/strong> is another advantage of <strong>Secrets Manager<\/strong>, as it provides access control to secrets through granular permissions and allows you to perform change audits for resources in the AWS Cloud, third-party services, and on-premises.<\/p>\n<p><strong>AWS Secrets Manager<\/strong> allows you <strong>to replace<\/strong> <strong>hard-coded credentials<\/strong> by using an <strong>API<\/strong> <strong>call<\/strong> to Secrets Manager to retrieve the secret programmatically. With this approach, someone examining the code cannot compromise the secret directly, precisely because the secret is no longer present in it. In addition, AWS allows customers to <strong>configure<\/strong> Secrets Manager to automatically rotate the secret on a <strong>specific schedule as well.<\/strong><\/p>\n<\/div><\/div>\n<div class=\"et_pb_module et_pb_image et_pb_image_401 et_animated et-waypoint\">\n<p>\t\t\t\t<a href=\"https:\/\/aws.amazon.com\/it\/secrets-manager\/\" target=\"_blank\"><span class=\"et_pb_image_wrap \"><img decoding=\"async\" src=\"http:\/\/temp_new.vmenginelab.com\/wp-content\/uploads\/2021\/09\/ASM-Basic-Scenario-2.png\" alt=\"\" title=\"ASM-Basic-Scenario\"  sizes=\"(max-width: 966px) 100vw, 966px\" class=\"wp-image-34019\" \/><\/span><\/a>\n\t\t\t<\/div>\n<div class=\"et_pb_module et_pb_text et_pb_text_1527  et_pb_text_align_center et_pb_bg_layout_light\">\n<div class=\"et_pb_text_inner\"><h2>Why choose Secrets Manager?
<\/h2>\n<\/div><\/div>\n<div class=\"et_pb_module et_pb_text et_pb_text_1528  et_pb_text_align_left et_pb_bg_layout_light\">\n<div class=\"et_pb_text_inner\">\n<p>AWS Secrets Manager provides secure <strong>secret<\/strong> <strong>key modification<\/strong> and helps you meet <strong>compliance<\/strong> and security requirements by allowing you to securely apply <strong>secret rotation<\/strong> without having to deploy code.<\/p>\n<\/div><\/div>\n<div class=\"et_pb_module et_pb_cta_315 et_pb_promo  et_pb_text_align_center et_pb_bg_layout_light\">\n<div class=\"et_pb_promo_description et_multi_view_hidden\"><\/div>\n<div class=\"et_pb_button_wrapper\"><a class=\"et_pb_button et_pb_promo_button\" href=\"https:\/\/temp_new.vmenginelab.com\/en\/2021\/05\/27\/aws-compliance-the-future-of-regulations\/\" target=\"_blank\">Read more about AWS compliance<\/a><\/div>\n<\/p><\/div>\n<div class=\"et_pb_module et_pb_text et_pb_text_1529  et_pb_text_align_left et_pb_bg_layout_light\">\n<div class=\"et_pb_text_inner\">\n<p>Another advantage, given by <a href=\"https:\/\/aws.amazon.com\/it\/about-aws\/global-infrastructure\/\"><br \/>\n  <strong>the worldwide infrastructure network of Amazon Web Services<\/strong><br \/>\n<\/a>, is that Secrets Manager also allows you <strong>to easily replicate secret keys<\/strong> in multiple <a href=\"https:\/\/aws.amazon.com\/it\/about-aws\/global-infrastructure\/\"><strong>Regions<\/strong> <\/a>to support multi-Region applications and <strong>Disaster Recovery<\/strong> scenarios. 
The <strong>multi-region secrets<\/strong> feature avoids the complexity of <strong>replicating<\/strong> and managing secrets across regions because it allows you to easily <strong>access and read<\/strong> secrets where you need them.<\/p>\n<\/div><\/div>\n<div class=\"et_pb_module et_pb_image et_pb_image_402 et_animated et-waypoint\">\n<p>\t\t\t\t<span class=\"et_pb_image_wrap \"><img decoding=\"async\" src=\"http:\/\/temp_new.vmenginelab.com\/wp-content\/uploads\/2021\/09\/ds-aws-2.jpg\" alt=\"\" title=\"AWS DS\"  sizes=\"(max-width: 740px) 100vw, 740px\" class=\"wp-image-34031\" \/><\/span>\n\t\t\t<\/div>\n<div class=\"et_pb_module et_pb_cta_316 et_pb_promo  et_pb_text_align_center et_pb_bg_layout_light\">\n<div class=\"et_pb_promo_description et_multi_view_hidden\"><\/div>\n<div class=\"et_pb_button_wrapper\"><a class=\"et_pb_button et_pb_promo_button\" href=\"https:\/\/temp_new.vmenginelab.com\/en\/2021\/05\/24\/disaster-recovery-how-much-is-a-contingency-plan-worth\/\" target=\"_blank\">Disaster Recovery. How much is a &quot;contingency&quot; plan worth?<\/a><\/div>\n<\/p><\/div>\n<div class=\"et_pb_module et_pb_text et_pb_text_1530  et_pb_text_align_left et_pb_bg_layout_light\">\n<div class=\"et_pb_text_inner\">\n<p><strong>Secrets Manager<\/strong> allows you <strong>to manage access to secrets<\/strong> using <a href=\"https:\/\/aws.amazon.com\/it\/iam\/\"><strong>AWS Identity and Access Management (IAM)<\/strong><\/a> <strong>policies<\/strong> and resource-based policies. Specifically, you can create a <strong>policy<\/strong> that allows developers to use certain secrets only for the development environment. 
At the same time, the policy could allow developers to use <strong>passwords<\/strong> used in production <strong>only<\/strong> if their requests come from the <strong>internal<\/strong> <strong>IT network<\/strong>.<br \/>In addition, it is also possible to create policies for <strong>database administrators<\/strong> that allow them to manage all the database credentials and <strong>SSH key<\/strong> read permissions needed to perform operating system-level changes on the specific instance where the database is hosted.<\/p>\n<p>With <strong>Secrets Manager<\/strong>, you can protect your secrets by encrypting them using keys that are managed with <a href=\"https:\/\/aws.amazon.com\/it\/kms\/\"><strong>AWS Key Management Service (KMS).<\/strong><\/a> In addition, the service integrates with other AWS <strong>access and monitoring<\/strong> services to enable <strong>centralized audits<\/strong>.<\/p>\n<\/div><\/div>\n<div class=\"et_pb_module et_pb_cta_317 et_pb_promo  et_pb_text_align_center et_pb_bg_layout_dark\">\n<div class=\"et_pb_promo_description\">\n<h2 class=\"et_pb_module_header\">Want to learn more about the power of AWS services?<\/h2>\n<\/div>\n<div class=\"et_pb_button_wrapper\"><a class=\"et_pb_button et_pb_promo_button\" href=\"https:\/\/temp_new.vmenginelab.com\/en\/contacts\/\" target=\"_blank\">Talk to an Expert<\/a><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The AWS service that allows you to easily modify and manage the use of database credentials, API keys, and other 
secrets.<\/p>\n","protected":false},"author":6,"featured_media":34022,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[97,1374],"tags":[71,132,72,133,3980,4059,4691,4780,1270,1202],"class_list":["post-39868","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en","category-the-analysis","tag-amazon-web-services","tag-amazon-web-services-en","tag-aws","tag-aws-en","tag-cloud-security-aws","tag-cloud-security-aws-en","tag-secrets-manager","tag-secrets-manager-en","tag-security-en","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"http:\/\/temp_new.vmenginelab.com\/wp-content\/uploads\/2021\/09\/CreamyFormalChanticleer-size_restricted-1.gif","amp_enabled":true,"_links":{"self":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/39868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/comments?post=39868"}],"version-history":[{"count":1,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/39868\/revisions"}],"predecessor-version":[{"id":41655,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/posts\/39868\/revisions\/41655"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/media\/34022"}],"wp:attachment":[{"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/media?parent=39868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/categories?post=39868"},{"taxonomy":"post_tag","embeddable":true,
"href":"http:\/\/temp_new.vmenginelab.com\/en\/wp-json\/wp\/v2\/tags?post=39868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}