Security, Identity, & Compliance

AWS Secrets Manager

"Rotate, manage, and retrieve database credentials and API keys."

What is AWS Secrets Manager?

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. It enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets.

Key Features

1. Automatic Rotation

  • Can automatically rotate the password for your RDS database every X days without breaking your application.
  • Uses a Lambda function to update the database password and the generic secret simultaneously.

2. Centralized Auditing

  • Integrates with CloudTrail to show exactly who accessed your production database password and when.

Exam Tips

[!IMPORTANT] Secrets Manager vs Systems Manager Parameter Store:

  • Secrets Manager: Costs money ($0.40/secret), but handles Automatic Rotation.
  • Parameter Store: Free (Standard), but No Automatic Rotation.

[!NOTE] RDS Integration: Secrets Manager has built-in integration specifically for RDS to handle credential rotation smoothly.

Common Use Cases

  • Database Credentials: Storing the username and password for a production MySQL database.
  • API Keys: Storing the API key for a third-party service (e.g., Stripe, Twilio).