Amazon Secrets Manager
Amazon Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycle. It provides centralized secrets management with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB, enabling automatic rotation of secrets without requiring application changes.
APIs
Amazon Secrets Manager API
The Amazon Secrets Manager API for creating, managing, retrieving, and rotating secrets including database credentials, API keys, and other sensitive configuration.
Collections
Amazon Secrets Manager API
POSTMANArazzo Workflows
Amazon Secrets Manager Create and Read Secret
Create a new secret, then immediately retrieve its decrypted value to confirm it was stored.
ARAZZOAmazon Secrets Manager Find and Delete Secret
List secrets filtered by name, branch on whether a match exists, then describe and schedule deletion of the matched secret.
ARAZZOAmazon Secrets Manager Generate Password and Store Secret
Generate a random password, store it as a new secret, then read the secret value back to confirm it was saved.
ARAZZOAmazon Secrets Manager Restore Deleted Secret
Cancel the scheduled deletion of a secret with RestoreSecret, then describe it to confirm the DeletedDate was cleared.
ARAZZOAmazon Secrets Manager Rotate and Describe
Start rotation on a secret with a Lambda rotation function, then describe it to confirm rotation is configured.
ARAZZOAmazon Secrets Manager Put New Version and Verify
Store a new encrypted version of a secret with PutSecretValue, then read the current value to confirm the update.
ARAZZOAmazon Secrets Manager Tag Secret and Verify
Attach tags to a secret with TagResource, then describe the secret to confirm the tags are present in its metadata.
ARAZZOAmazon Secrets Manager Update Metadata and Verify
Update a secret's description and KMS key with UpdateSecret, then describe it to confirm the new metadata was applied.
ARAZZOPricing Plans
Rate Limits
FinOps
Features
Automatically rotate secrets on a schedule using AWS Lambda rotation functions without changing application code.
Store and manage all secrets in a single, centralized location with fine-grained access controls.
Built-in integration with Amazon RDS, Aurora, Redshift, and DocumentDB for automatic credential rotation.
Maintain multiple versions of a secret simultaneously to support zero-downtime rotation.
Log all secret access and management actions via AWS CloudTrail for compliance and audit purposes.
Share secrets across AWS accounts using resource-based policies.
All secrets are encrypted at rest using AWS KMS keys you control.
Generate cryptographically secure random passwords with configurable complexity requirements.
Use Cases
Automatically rotate and manage database credentials for RDS, Aurora, and other databases.
Securely store and retrieve API keys, OAuth tokens, and other third-party service credentials.
Centralize sensitive application configuration such as connection strings and encryption keys.
Share service-to-service credentials securely across microservices without embedding in code.
Meet compliance requirements like PCI DSS and SOC 2 by enforcing regular credential rotation.
Enforce organizational policies on secret creation, rotation schedules, and access patterns.