These are the slides from the February 20th, 2019 meetup group on Amazon Web Services Secrets Manager Service.

  1. AWS Secrets Manager enables customers to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
     • Store and manage access to secrets securely and at scale
     • Audit and monitor the use of secrets, and rotate secrets without risk of breaking applications
     • Avoid dealing with secrets in their applications
     Audiences: IT admins, security admins, developers
  2. • Rotates secrets safely
     • Manages access with fine-grained policies
     • Secure and audit secrets centrally
     • Pay as you go
  3. • Built-in integrations for rotating MySQL, PostgreSQL, and Amazon Aurora on RDS
     • Extensible with Lambda
     • Use versioning so that applications don’t break when secrets are rotated
     (Photo by Isis França on Unsplash)
  4. In Secrets Manager, a secret is typically a set of credentials (username and password) and the connection details that you use to access a secured service. The stored secret might resemble the following:

       {
         "host": "ProdServer-01.databases.example.com",
         "port": "8888",
         "username": "administrator",
         "password": "MyS3cretP@ssword",
         "dbname": "MyDatabase",
         "engine": "mysql"
       }
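  5. Comparison of AWS Secrets Manager and HashiCorp Vault:

     | Component             | AWS Secrets Manager                                  | HashiCorp Vault                                 |
     |-----------------------|------------------------------------------------------|-------------------------------------------------|
     | Pricing               | 0.40 per secret per month; 0.05 per 10,000 API calls | Open source – need to pay for EC2 instance cost |
     | Management            | AWS managed service                                  | You manage                                      |
     | API / SDK integration | Fully integrated                                     | Fully integrated                                |
     | Native integrations   | KMS                                                  | Terraform                                       |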
  7. To create and store your secret
     1. Sign in to the AWS Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.
     2. On the secrets list page, choose Store a new secret.
     3. On the Store a new secret page, choose Other type of secret.
     4. For Select the encryption key, choose DefaultEncryptionKey. You aren't charged by AWS KMS if you use the default AWS managed key that Secrets Manager creates in your account.
     5. Under Credentials you want to store, choose Secret key : Secret value so that you can type the secret as key-value pairs.
     6. In the first text box, type username. In the second box, type: myserviceusername.
     7. Choose +Add row to add a second key-value pair.
     8. In the first box, type password. In the second box, type: MyVerySecureP@ssw0rd!.
     9. Choose Plaintext above the boxes to see the JSON version of the secret text that will be stored in the SecretString field of the secret.
     10. For Select the encryption key, leave it set at the default value DefaultEncryptionKey.
     11. Choose Next.
     12. Under Secret name and description, for Secret name, type tutorials/MyFirstTutorialSecret. This stores your secret in the virtual folder "tutorials".
  8. To create and store your secret (continued)
     13. For Description, type something like: The secret I created for the first tutorial.
     14. Choose Next.
     15. In this tutorial, we don't use rotation, so choose Disable automatic rotation, and then choose Next.
     16. On the Review page, you can check all of the settings you chose. Also, be sure to review the Sample code section that has cut-and-paste–enabled code that you can put into your own apps to use this secret to retrieve the credentials. Each tab has the same code in different programming languages.
     17. To save your changes, choose Store.
  9. To create and store your secret (Via the AWS Console)
     1. On the secrets list page, choose the name of the new secret that you created in the previous section. The details page for your secret appears.
     2. In the Credential data section, choose Retrieve secret value.
     3. You can view your secret as either key-value pairs, or as a JSON text structure.

     To create and store your secret (Via the AWS CLI)
     1. Open a command prompt where you can run the AWS CLI.
     2. Type the following command:
          aws secretsmanager describe-secret --secret-id tutorials/MyFirstTutorialSecret
     3. Type the following command to see the encrypted secret:
          aws secretsmanager get-secret-value --secret-id tutorials/MyFirstTutorialSecret --version-stage AWSCURRENT
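
The application-side counterpart of the `get-secret-value` call on slide 9, as an added example (not from the slides and not the console's Sample code): it requests one staged version, parses the `SecretString` JSON, checks for the tutorial's two keys, and masks the password before anything is logged. `StubSecretsClient`, `load_credentials` and `redacted` are hypothetical names; the stub is a constructed offline stand-in for `boto3.client("secretsmanager")`, which can be passed in its place.

```python
import json

# Keys this example requires in the SecretString; they match the tutorial secret.
REQUIRED_KEYS = ("username", "password")


class StubSecretsClient:
    """Constructed offline stand-in for boto3.client("secretsmanager")."""

    def __init__(self, versions):
        self._versions = versions  # {(secret_id, stage): secret_string}

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        try:
            text = self._versions[(SecretId, VersionStage)]
        except KeyError:
            raise LookupError(f"no {VersionStage} version of {SecretId}") from None
        return {"Name": SecretId, "VersionStages": [VersionStage],
                "SecretString": text}


def load_credentials(client, secret_id, stage="AWSCURRENT"):
    """Fetch one staged version and return its key-value pairs as a dict."""
    resp = client.get_secret_value(SecretId=secret_id, VersionStage=stage)
    if "SecretString" not in resp:
        raise ValueError("secret holds binary data, not key-value JSON")
    pairs = json.loads(resp["SecretString"])
    missing = [k for k in REQUIRED_KEYS if k not in pairs]
    if missing:
        raise ValueError(f"secret is missing keys: {missing}")
    return pairs


def redacted(pairs):
    """Copy that is safe to log: the password value is masked."""
    return {k: ("********" if k == "password" else v) for k, v in pairs.items()}


# Constructed sample data mirroring the tutorial secret (not real credentials).
SAMPLE = StubSecretsClient({
    ("tutorials/MyFirstTutorialSecret", "AWSCURRENT"):
        '{"username": "myserviceusername", "password": "MyVerySecureP@ssw0rd!"}',
})

if __name__ == "__main__":
    creds = load_credentials(SAMPLE, "tutorials/MyFirstTutorialSecret")
    print(redacted(creds))
```
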

