Getting Started with AWS Secrets Manager [Cheat Sheet]
Studying for the AWS Certified Security Specialty exam, or deploying an application or resources on AWS that need access to long-term secrets? You need to learn about AWS Secrets Manager.
What is Secrets Manager?
Secrets Manager makes it simple to manage, rotate, and securely store encrypted secrets in the AWS cloud.
While it is generally best to use short-term credentials instead of long-term ones whenever you can, this isn't always possible or feasible. In that case, you still want to get long-term credentials out of your source code and repositories, and a service like Secrets Manager lets applications fetch them at runtime instead.
What are common scenarios?
Any time you need to store a long-term secret, you can benefit from using a service like this. But some common use cases for Secrets Manager specifically include storing:
- Database credentials
- API keys
- Secrets for hybrid workloads (on-premises applications that pull their credentials from AWS)
- Third-party tokens (like OAuth tokens)
What do I need to know about it?
Regardless of whether you are studying for the cert exam or for practical uses, you need to understand:
- How secrets get created, including their metadata and versioning (version IDs and staging labels such as AWSCURRENT, AWSPENDING and AWSPREVIOUS)
- How Secrets Manager uses KMS for encryption (and what that means for policies / access control)
- How to use VPC endpoints so that traffic to the Secrets Manager API stays on the AWS network instead of crossing the public internet
- How to troubleshoot access issues with your apps/services
- How to rotate secrets
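To make the versioning and troubleshooting points concrete, here is an added example of the application-side retrieval helper a practitioner would write; it is not code from this cheat sheet or from AWS. It assumes only the documented boto3 call `client.get_secret_value(SecretId=..., VersionStage=...)` and the documented error codes; the `FakeSecretsManager` class and every secret name and value in it are constructed sample data so the module runs offline.

```python
# Added example: fetch, cache and explain failures for AWS Secrets Manager.
# Assumes boto3's get_secret_value(SecretId=..., VersionStage=...) contract; the fake client
# and all secret names/values below are constructed sample data, not real secrets.
import json
import time
from typing import Any, Callable, Dict, Tuple

try:
    import boto3  # only needed when no client is injected
except ImportError:
    boto3 = None

# What to check for each GetSecretValue error code (the "troubleshooting access issues" bullet).
TROUBLESHOOTING = {
    "ResourceNotFoundException": "wrong name/ARN or wrong Region, or the secret is scheduled for deletion",
    "AccessDeniedException": "caller lacks secretsmanager:GetSecretValue in its identity policy, "
                             "the secret's resource policy, or the VPC endpoint policy",
    "DecryptionFailure": "caller lacks kms:Decrypt on the secret's KMS key, or the key policy does "
                         "not let Secrets Manager use the key (check kms:ViaService conditions)",
    "InvalidRequestException": "the requested version/stage does not exist; valid staging labels "
                               "are AWSCURRENT, AWSPENDING (mid-rotation) and AWSPREVIOUS",
}


class SecretRetrievalError(RuntimeError):
    """Carries the AWS error code plus a hint about which policy or setting to inspect."""

    def __init__(self, code: str, hint: str) -> None:
        super().__init__(f"{code}: {hint}")
        self.code = code
        self.hint = hint


def decode_secret(resp: Dict[str, Any]) -> Any:
    """Turn a GetSecretValue response into a dict (JSON key/value secret), str, or bytes."""
    if "SecretString" in resp:
        text = resp["SecretString"]
        try:
            return json.loads(text)  # database credentials are stored as JSON key/value pairs
        except json.JSONDecodeError:
            return text  # plaintext secret such as an API key or OAuth token
    return resp["SecretBinary"]  # boto3 returns blob fields as already-decoded bytes


class SecretCache:
    """Fetches secrets by name and staging label, caching each value for ttl_seconds."""

    def __init__(self, client: Any = None, ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        if client is None:
            if boto3 is None:
                raise RuntimeError("install boto3 or inject a client")
            client = boto3.client("secretsmanager")
        self._client, self._ttl, self._clock = client, ttl_seconds, clock
        self._cache: Dict[Tuple[str, str], Tuple[float, Any]] = {}

    def get(self, secret_id: str, stage: str = "AWSCURRENT") -> Any:
        key, now = (secret_id, stage), self._clock()
        hit = self._cache.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]  # fresh enough: no API call, no throttling, no extra cost
        try:
            resp = self._client.get_secret_value(SecretId=secret_id, VersionStage=stage)
        except Exception as exc:
            # botocore.exceptions.ClientError exposes the AWS error code via exc.response
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            if code is None:
                raise
            raise SecretRetrievalError(code, TROUBLESHOOTING.get(code, "see the API reference")) from exc
        value = decode_secret(resp)
        self._cache[key] = (now + self._ttl, value)
        return value


# ---- constructed offline stand-in for the boto3 client (sample data, not real secrets) ----

class FakeClientError(Exception):
    """Mimics the .response shape of botocore.exceptions.ClientError."""

    def __init__(self, code: str, message: str) -> None:
        super().__init__(message)
        self.response = {"Error": {"Code": code, "Message": message}}


class FakeSecretsManager:
    def __init__(self) -> None:
        self.calls = 0
        self._versions: Dict[str, Any] = {
            "prod/app/db": {
                "AWSCURRENT": {"SecretString": json.dumps({"username": "app", "password": "current-pw"})},
                "AWSPREVIOUS": {"SecretString": json.dumps({"username": "app", "password": "old-pw"})},
            },
            "prod/app/api-key": {"AWSCURRENT": {"SecretString": "sk-sample-not-a-real-key"}},
            "prod/app/cert": {"AWSCURRENT": {"SecretBinary": b"\x30\x82\x01\x0a"}},
            "prod/app/locked": None,  # simulates a secret whose KMS key the caller may not use
        }

    def get_secret_value(self, SecretId: str, VersionStage: str = "AWSCURRENT", **_: Any) -> Dict[str, Any]:
        self.calls += 1
        if SecretId not in self._versions:
            raise FakeClientError("ResourceNotFoundException", "Secrets Manager can't find the specified secret.")
        versions = self._versions[SecretId]
        if versions is None:
            raise FakeClientError("DecryptionFailure", "Access to KMS is not allowed")
        if VersionStage not in versions:
            raise FakeClientError("InvalidRequestException", f"staging label {VersionStage} not attached")
        return {"Name": SecretId, "VersionStages": [VersionStage], **versions[VersionStage]}


if __name__ == "__main__":
    cache = SecretCache(client=FakeSecretsManager(), ttl_seconds=60)
    print(cache.get("prod/app/db")["username"])
    try:
        cache.get("prod/app/locked")
    except SecretRetrievalError as err:
        print(err)
```

Two design choices worth noting: the client is injected so the same helper can be exercised offline and, in production, pointed at a client whose endpoint is your VPC endpoint; and the cache is keyed on the staging label, so code that needs the pre-rotation value (AWSPREVIOUS) or the in-flight one (AWSPENDING, inside a rotation Lambda) does not collide with normal AWSCURRENT reads.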
There’s more info about all of the above including use cases and useful CLI commands in the cheat sheet below, so check it out and feel free to download it!
(P.S.: We have multiple Hands-On Labs that teach Secrets Manager, including enumeration and exfiltration; check those out if you want hands-on experience)