AWS Secrets Manager
Learn about AWS Secrets Manager, a key data protection service.
We'll cover the following...
AWS Secrets Manager
If an application has embedded credentials for database connections, every time we need to rotate credentials, we’ll need to spend time doing this manually. This task will become even more overwhelming if we have multiple applications that use embedded database credentials. This is where services like Secrets Manager (and, in some cases, Parameter Store) come into play.
AWS Secrets Manager enables users to securely store and manage their sensitive information, such as database credentials, API keys, and other confidential data. It allows programmatic access to credentials (including passwords, database credentials, and more) in our code. This also solves a potential security issue of having to maintain credentials in the code that can be exposed to others.
The following illustration shows how Secrets Manager manages database credentials for an application:
- The administrator creates database credentials for the database and configures it to be accessible from the application.
- The administrator creates a new database secret in Secrets Manager.
- When the application needs to access the database, it makes an API call to Secrets Manager and