Secrets Manager

Protect secrets needed to access your applications and services. Easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

Secrets Manager is mostly used to store and automatically rotate database credentials.

It enforces encryption at rest by using KMS.

Pricing

  • $0.40 per secret per month
  • $0.05 per 10,000 API calls

CloudTrail can monitor credential access in case you need an audit trail.
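
One way to act on the CloudTrail point above, as an added example that is not part of the original notes: a Python script that scans CloudTrail records for `GetSecretValue` calls and reports denied calls and reads by principals outside an allow-list. The events, account ID, user and role names are constructed, and the allow-list is an assumption.

```python
import json
import re

# Constructed CloudTrail records; the account ID, user and role names are made up.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "secretsmanager.amazonaws.com", "eventName": "GetSecretValue",
  "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ship-api/i-0abc"},
  "requestParameters": {"secretId": "enterprise/ShipDatabase"}},
 {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "secretsmanager.amazonaws.com", "eventName": "GetSecretValue",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
  "requestParameters": {"secretId": "arn:aws:secretsmanager:us-east-1:111122223333:secret:enterprise/ShipDatabase-AbCdEf"}},
 {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "secretsmanager.amazonaws.com", "eventName": "GetSecretValue",
  "errorCode": "AccessDenied", "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ship-api/i-0abc"},
  "requestParameters": {"secretId": "enterprise/ShipDatabase"}},
 {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "secretsmanager.amazonaws.com", "eventName": "DescribeSecret",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
  "requestParameters": {"secretId": "enterprise/ShipDatabase"}}
]""")

# Assumption: ARN prefixes of the principals expected to read each secret.
EXPECTED_READERS = {"enterprise/ShipDatabase": ("arn:aws:sts::111122223333:assumed-role/ship-api/",)}

def secret_name(secret_id):
    """Reduce a secret ARN (name plus 6-character suffix) to the name; plain names pass through."""
    m = re.match(r"arn:aws[\w-]*:secretsmanager:[^:]*:\d*:secret:(.+)-[A-Za-z0-9]{6}$", secret_id)
    return m.group(1) if m else secret_id

def audit(events, expected=EXPECTED_READERS):
    """Return (time, principal, secret, reason) for each suspicious GetSecretValue call."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != ("secretsmanager.amazonaws.com", "GetSecretValue"):
            continue  # only reads of the secret value are of interest here
        name = secret_name((ev.get("requestParameters") or {}).get("secretId", ""))
        arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
        if ev.get("errorCode"):
            reason = "denied:" + ev["errorCode"]      # failed attempt, worth a look
        elif not arn.startswith(expected.get(name, ())):
            reason = "unexpected-principal"           # succeeded, but caller is not on the allow-list
        else:
            continue
        findings.append((ev.get("eventTime"), arn, name, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

The `secretId` in a record may be either the secret name or its full ARN, so the script normalizes both before matching.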

Automatic Rotation

You can set up automatic rotation for any database credentials. The rotation interval can be up to 365 days (1 year).

Rotation is performed via a Lambda function.

You can rotate the password for the superuser or for a developer programmatically accessing the database.

CLI

    aws secretsmanager describe-secret --secret-id enterprise/ShipDatabase
    aws secretsmanager get-secret-value --secret-id enterprise/ShipDatabase --version-stage AWSCURRENT
    {"foo": "bar"}