AWS Secrets Manager enables customers to securely store and centrally manage secrets like database credentials and API keys. It integrates with services like RDS to allow automated and safe rotation of secrets without breaking applications. Secrets Manager provides fine-grained access control and auditing of secrets through encryption and permissions. Developers can retrieve secrets from applications using SDKs and APIs.

3. Audit and monitor the use of secrets, and rotate secrets without risk of breaking
applications
Store and manage access to secrets securely and at scale
AWS Secrets manager enables customers to rotate, manage, and retrieve
database credentials,API Keys, and other secrets throughout their lifecycle.
Avoid dealing with secrets in their applications
IT ADMINS
SECURITYADMINS
DEVELOPERS

5. Rotates Secrets Safely Manages access with fine-grained
policies
Secure and audit secrets centrally Pay as you go

6. • Built in integrations for rotating MySQL, PostgreSQL, and
AmazonAurora on RDS
• Extensible with Lambda
• Use versioning so that applications don’t break when
secrets are rotated
Photo by Isis França on Unsplash

10. The stored secret might resemble the following:
In Secrets Manager, a secret is
typically a set of credentials
(username and password) and
the connection details that you
use to access a secured service.
{
“host”:”ProdServer-01.databases.example.com”,
“port”: “8888”,
“username”: “administrator”
“password”: “MyS3cretP@ssword”,
“dbname”: “MyDatabase”,
“engine”: “mysql”
}

11. Component AWS Secrets Manger HashiCorpVault
Pricing 0.40 per secret per month
0.05 per 10,000 API calls
Opensource – need to pay for EC2 instance cost
Management AWS Managed Service You Manage
API / SDK integration Fully integrated Fully integrated
Native Integrations KMS Terraform

12. https://www.meetup.com/AWS-Atlanta/contribute/

13. 1. Sign in to the AWS Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.
2. On the secrets list page choose Store a new secret.
3. On the Store a new secret page, choose Other type of secret.
4. For Select the encryption key, choose DefaultEncryptionKey.You aren't charged by AWS KMS if you
use the default AWS managed key that Secrets Manager creates in your account.
5. Under Credentials you want to store, choose Secret key : Secret value so that you can type the secret
as key-value pairs.
6. In the first text box, type username. In the second box, type: myserviceusername.
7. Choose +Add row to add a second key-value pair.
8. In the first box, type password. In the second box, type: MyVerySecureP@ssw0rd!.
9. Choose Plaintext above the boxes to see the JSON version of the secret text that will be stored in
the SecretString field of the secret.
10. For Select the encryption key, leave it set at the default value DefaultEncryptionKey.
11. Choose Next.
12. Under Secret name and description, for Secret name, type tutorials/MyFirstTutorialSecret.This stores
your secret in the virtual folder "tutorials".
To create and store your secret

14. 12. Under Secret name and description, for Secret name, type tutorials/MyFirstTutorialSecret.This stores
your secret in the virtual folder "tutorials".
13. For Description, type something like: The secret I created for the first tutorial.
14. Choose Next.
15. In this tutorial, we don't use rotation, so choose Disable automatic rotation, and then choose Next.
16. On the Review page, you can check all of the settings you chose. Also, be sure to review the Sample
code section that has cut-and-paste–enabled code that you can put into your own apps to use this secret
to retrieve the credentials. Each tab has the same code in different programming languages.
17. To save your changes, choose Store.
To create and store your secret

15. 1. On the secrets list page, choose the name of the new secret that you created in the previous section.
The details page for your secret appears.
2. In the Credential data section, choose Retrieve secret value.
3. You can view your secret as either key-value pairs, or as a JSON text structure.
To create and store your secret (Via the AWS Console)
1. Open a command prompt where you can run the AWS CLI.
2. Type the following command:
aws secretsmanager describe-secret --secret-id
tutorials/MyFirstTutorialSecret
3. Type the following command to see the encrypted secret:
aws secretsmanager get-secret-value --secret-id
tutorials/MyFirstTutorialSecret --version-stage AWSCURRENT
To create and store your secret (Via the AWS CLI)