Amazon Secrets Manager
Amazon Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycle. It provides centralized secrets management with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB, enabling automatic rotation of secrets without requiring application changes.
APIs
Amazon Secrets Manager API
The Amazon Secrets Manager API for creating, managing, retrieving, and rotating secrets including database credentials, API keys, and other sensitive configuration.
Capabilities
Amazon Secrets Manager Secrets Management
Unified capability for managing the application secrets lifecycle, including creation, retrieval, rotation, and deletion. Used by DevOps Engineers and Application Developers.
Features
Automatically rotate secrets on a schedule using AWS Lambda rotation functions without changing application code.
Store and manage all secrets in a single, centralized location with fine-grained access controls.
Built-in integration with Amazon RDS, Aurora, Redshift, and DocumentDB for automatic credential rotation.
Maintain multiple versions of a secret simultaneously to support zero-downtime rotation.
Log all secret access and management actions via AWS CloudTrail for compliance and audit purposes.
Share secrets across AWS accounts using resource-based policies.
All secrets are encrypted at rest using AWS KMS keys you control.
Generate cryptographically secure random passwords with configurable complexity requirements.
Use Cases
Automatically rotate and manage database credentials for RDS, Aurora, and other databases.
Securely store and retrieve API keys, OAuth tokens, and other third-party service credentials.
Centralize sensitive application configuration such as connection strings and encryption keys.
Share service-to-service credentials securely across microservices without embedding them in code.
Meet compliance requirements like PCI DSS and SOC 2 by enforcing regular credential rotation.
Enforce organizational policies on secret creation, rotation schedules, and access patterns.
Integrations
Native integration for automatic rotation of RDS database credentials.
Built-in support for rotating Aurora database master user passwords.
Automatic rotation of Redshift cluster credentials.
Native rotation support for DocumentDB user credentials.
Lambda-powered custom rotation functions for any secret type.
Audit logging of all Secrets Manager API calls via CloudTrail.
Encryption of secrets at rest using customer-managed KMS keys.
Fine-grained access control for secrets using IAM policies and resource-based policies.
Provision and manage secrets as part of CloudFormation stacks.