AWS Secrets Manager
AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB. Also, the service is extensible to other types of secrets, including API keys and OAuth tokens. In addition, Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises.
Rotate secrets safely
AWS Secrets Manager helps you meet your security and compliance requirements by enabling you to rotate secrets safely without the need for code deployments. For example, Secrets Manager offers built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB and rotates these database credentials on your behalf automatically. You can customize Lambda functions to extend Secrets Manager rotation to other secret types, such as API keys and OAuth tokens. Retrieving the secret from Secrets Manager ensures that developers and applications are using the latest version of your secrets.
Manage access with fine-grained policies
With Secrets Manager, you can manage access to secrets using fine-grained AWS Identity and Access Management (IAM) policies and resource-based policies. For example, you can create a policy that enables developers to retrieve certain secrets only when they are used for the development environment. The same policy could enable developers to retrieve passwords used in the production environment only if their requests are coming from within the corporate IT network. For the database administrator, a policy can be built to allow the database administrator to manage all database credentials and permission to read the SSH keys required to perform OS-level changes to the particular instance hosting the database.
Secure and audit secrets centrally
Using Secrets Manager, you can help secure secrets by encrypting them with encryption keys that you manage using AWS Key Management Service (KMS). It also integrates with AWS’ logging and monitoring services for centralized auditing. For example, you can audit AWS CloudTrail logs to see when Secrets Manager rotates a secret or configure AWS CloudWatch Events to notify you when an administrator deletes a secret.
Pay as you go
Secrets Manager offers pay as you go pricing. You pay for the number of secrets managed in Secrets Manager and the number of Secrets Manager API calls made. Using Secrets Manager, you can enable a highly available secrets management service without the upfront investment and on-going maintenance costs of operating your own infrastructure.
Autodesk makes software for people who make things. If you’ve ever driven a high-performance car, admired a towering skyscraper, used a smartphone, or watched a great film, chances are you’ve experienced what millions of Autodesk customers are doing with our software.
"Modern analytics are fundamental for a lot of what we do at Autodesk, and ensuring the security of that vital data is incredibly important. Using AWS Secrets Manager, we are able to securely deliver database credentials digitally into our analytics pipelines, which really elevated the security without sacrificing speed and were able to deliver meaningful insights to our customers."
Sai Chaitanya Tirumerla, Senior Software Engineer - Autodesk
Clevy, an AI company, bridges the gap between human-computer interactions by creating simple and easy-to-use, conversational engines.
"We use AWS Secrets Manager to manage and rotate the secrets needed by our pipelines, enabling us to innovate and deploy enterprise-ready applications quickly and securely."
François Falala-Sechet, CTO - Clevy
GoDaddy is the company that empowers everyday entrepreneurs. With more than 20 million customers worldwide, GoDaddy is the place people come to name their ideas, build a professional website, attract customers, and manage their work.
"We like to use Secrets Manager where we need to store secrets and credentials to use 3rd Party APIs and create database connections, for example. It encrypts by default and allows us to programmatically create, manage, and rotate credentials, and provides fine-grained access control. We can also easily monitor and audit credentials for compliance around the world."
Silas Boyd-Wickizer, Senior Director Of Engineering - GoDaddy
Rover was founded in 2011 in Seattle and is the world’s largest and most trusted network of five-star pet sitters and dog walkers.
"We chose AWS because AWS is the leader in the cloud space and has an ecosystem of services that work well with each other. When AWS launched Secrets Manager, a service that tightly integrates with the AWS ecosystem, we made the decision to replace our existing solution. Getting started was easy because Secrets Manager uses the same access control, auditing, and monitoring capabilities that we are already familiar with. Secrets Manager has served us well for more than two years now, making sure that our secrets are available, durable, and secured."
Jessica Kim, TPM, Cloud Engineering Solutions - Rover
Stackery runs a service to enable customers to stitch together AWS services in order to build production-ready, serverless applications quickly.
"Our service uses and offers AWS Secrets Manager to manage all the confidential data that these applications need to operate securely. We chose Secrets Manager because it stores secrets securely with fine-grained access policies, auto-scales to handle traffic spikes, and is straightforward to query at runtime. Secrets Manager not only positions us to raise our security profile, it also makes security simple for our customers – which is how we like to do business."
Chase Douglas, CTO - Stackery
Teradata delivers the power, flexibility, and scalability modern organizations need to thrive in a hybrid multi-cloud environment. As a cloud data analytics platform, Teradata Vantage enables companies to start small and elastically scale compute or storage, pay only for what is used, harness low-cost object stores, and integrate data and analytic workloads.
"Teradata leverages AWS Secrets Manager for Vantage on AWS to store API keys, API endpoints, and third-party credentials. Teradata regularly rotates keys in Secrets Manager as part of security best practices, along with using appropriate access policies to maintain a high level of security for our as-a-service customers. With the built-in scalability of Secrets Manager, Teradata is assured that their service will always be available."
Craig Schechter, Architect, Teradata Vantage on AWS
Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Our easy, reliable cloud platform for video, voice, content sharing, and chat runs across mobile devices, desktops, telephones, and room systems.
"We use AWS Secrets Manager to store our secrets used by our applications on AWS and on-premises. We trust AWS Secrets Manager to manage our secrets as it scales quickly to meet our ever-increasing workloads and provides us with the best in the industry secret lifecycle management capabilities. Secrets Manager also allows us to tightly control access and audit our secrets to meet our high security bar. With Secrets Manager we are confident in the security of our secrets, allowing us to spend more time building new features that our customers love.”
Yasin Mohammed, Engineering Manager, Zoom Video Communications
Blog posts & articles
No items returned.
Learn more about the features to rotate, manage, and retrieve secrets through their lifecycle.
Instantly get access to the AWS Free Tier.
Get started building with AWS Secrets Manager in the AWS Console.