What is AWS Secrets Manager?

AWS Secrets Manager enables you to store, rotate, manage, and retrieve database credentials, OAuth tokens, API keys, application credentials, and other secrets throughout their lifecycle.

Key Features of Secrets Manager:

Secrets Storage: AWS Secrets Manager securely stores sensitive information such as database passwords, API keys, and other secrets. Secrets are stored in a central repository.


Rotation: Secrets Manager supports automatic rotation of credentials, such as database passwords. This helps enhance security by regularly updating credentials without manual intervention.

Versioning: Secrets Manager supports versioning of secrets, allowing you to retrieve previous versions if needed. This is useful for auditing and rollback scenarios.

Integration with AWS Services: Secrets Manager integrates with various AWS services, including Amazon RDS, Amazon Redshift, and others, allowing you to use secrets directly in your applications.


Access Control: IAM (Identity and Access Management) policies are used to control access to secrets. You can define policies to restrict which users or services can retrieve or modify secrets.

Automatic Encryption: Secrets are encrypted using AWS Key Management Service (KMS). AWS Secrets Manager automatically encrypts and decrypts the secrets using KMS for enhanced security.

Use Cases of AWS Secrets Manager:

Database Credentials Management: Manage and rotate database credentials securely, reducing the risk of unauthorized access.

API Key Management: Store and rotate API keys used by applications to access third-party services.

Sensitive Configuration Information: Store sensitive configuration information required by applications, such as encryption keys or connection strings.

Automated Credential Rotation: Implement automatic rotation of credentials for enhanced security.

How AWS Secrets Manager Works:

Create a Secret:
To get started, you create a secret in AWS Secrets Manager. This secret can contain various types of sensitive information, such as database credentials, API keys, or any other secret data.

Access Control with IAM:
Define IAM policies to control access to the secret. IAM roles or users are granted permission to read or update secrets based on their needs.

Rotation Policies:
Configure rotation policies for secrets that require regular credential rotation. This ensures that credentials are automatically updated at scheduled intervals.

Integration with AWS Services:
Use secrets directly in your applications or integrate them with AWS services. For example, you can configure an Amazon RDS instance to use a secret stored in AWS Secrets Manager.

Versioning:
As secrets are updated or rotated, new versions are created. Secrets Manager maintains a history of versions, allowing you to retrieve previous versions if needed.

Automatic Encryption:
Secrets stored in AWS Secrets Manager are automatically encrypted using AWS Key Management Service (KMS). You can choose the KMS key to use or allow Secrets Manager to create a default key.

Monitoring and Auditing:
Secrets Manager provides logging and auditing capabilities, allowing you to monitor who accessed or modified secrets. This helps in compliance and security monitoring.

Rotation Execution:
For secrets with rotation policies, AWS Secrets Manager executes the rotation process automatically. This might involve updating credentials in the target service and creating a new version of the secret.
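The rotation and versioning behaviour described above, as an added example that is not the article's code: a Python handler shaped like the Lambda function Secrets Manager invokes once per rotation step (createSecret, setSecret, testSecret, finishSecret), run against a constructed in-memory stand-in for the boto3 client and a constructed database user table. It assumes the secret is stored as JSON with username and password keys (the layout the managed rotation functions expect); SECRET_ID is the secret name from the article, while the version ids, FAKE_DB and the stand-in client are constructed for the example.

```python
import json
import secrets

# Constructed in-memory stand-in for the boto3 Secrets Manager client: it models only
# what rotation touches, i.e. secret versions and the staging labels attached to them.
class FakeSecretsManager:
    def __init__(self, secret_string):
        self.versions = {"v-initial": secret_string}  # version id -> SecretString
        self.stages = {"AWSCURRENT": "v-initial"}      # staging label -> version id
    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        return {"SecretString": self.versions[self.stages[VersionStage]]}
    def put_secret_value(self, SecretId, ClientRequestToken, SecretString, VersionStages):
        self.versions[ClientRequestToken] = SecretString
        self.stages.update({stage: ClientRequestToken for stage in VersionStages})
    def describe_secret(self, SecretId):
        by_version = {}
        for stage, vid in self.stages.items():
            by_version.setdefault(vid, []).append(stage)
        return {"VersionIdsToStages": by_version}
    def update_secret_version_stage(self, SecretId, VersionStage, MoveToVersionId, RemoveFromVersionId):
        if VersionStage == "AWSCURRENT":  # the service demotes the outgoing version to AWSPREVIOUS
            self.stages["AWSPREVIOUS"] = RemoveFromVersionId
        self.stages[VersionStage] = MoveToVersionId

SECRET_ID = "prod-bdrdb-test"        # the secret name used in the article
FAKE_DB = {"bdr_admin": "Test@123"}  # constructed stand-in for the database's user table
client = FakeSecretsManager(json.dumps({"username": "bdr_admin", "password": "Test@123"}))

def read_credentials(stage="AWSCURRENT"):
    return json.loads(client.get_secret_value(SecretId=SECRET_ID, VersionStage=stage)["SecretString"])

def lambda_handler(event, context):
    step, token = event["Step"], event["ClientRequestToken"]  # one invocation per step, in order
    if step == "createSecret":    # stage a fresh password as AWSPENDING; AWSCURRENT is untouched
        pending = dict(read_credentials(), password=secrets.token_urlsafe(24))
        client.put_secret_value(SecretId=SECRET_ID, ClientRequestToken=token,
                                SecretString=json.dumps(pending), VersionStages=["AWSPENDING"])
    elif step == "setSecret":     # apply the pending password in the database (ALTER USER for real)
        pending = read_credentials("AWSPENDING")
        FAKE_DB[pending["username"]] = pending["password"]
    elif step == "testSecret":    # prove the pending credential works before any cutover
        pending = read_credentials("AWSPENDING")
        if FAKE_DB.get(pending["username"]) != pending["password"]:
            raise RuntimeError("pending credential rejected; AWSCURRENT left unchanged")
    elif step == "finishSecret":  # promote AWSPENDING to AWSCURRENT; the old version becomes AWSPREVIOUS
        stages = client.describe_secret(SecretId=SECRET_ID)["VersionIdsToStages"]
        current_id = next(v for v, s in stages.items() if "AWSCURRENT" in s)
        client.update_secret_version_stage(SecretId=SECRET_ID, VersionStage="AWSCURRENT",
                                           MoveToVersionId=token, RemoveFromVersionId=current_id)
    return step
```

Because the cutover only happens in finishSecret, a failure in testSecret leaves applications reading AWSCURRENT on the old, still-working credential, and the previous version stays retrievable under AWSPREVIOUS for rollback.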

How to Store a New Secret in AWS Secrets Manager

1. Log in to the AWS console and navigate to AWS Secrets Manager. Click on "Store a new secret".


2. Select the secret type. This matters because Secrets Manager supports automatic rotation for the selected secret types.


3. Enter the username and password to store in Secrets Manager.


4. If you choose "other secret type", you can store the secret as key/value pairs.


5. Enter the secret name and description.


6. Click next to continue.


7. Rotate Secret: Configure rotation if needed, so that this secret is rotated automatically. If enabled, you can also set the rotation schedule.


8. You can also choose the Lambda rotation function that Secrets Manager invokes.


9. On the Review page, review your secret details, and then choose Store. The page also provides sample code for retrieving the secret with the AWS SDK in several languages, and you can download the SDK from there. If needed, you can access the secret by simply calling the API.


10. The secret is successfully stored and listed now.


How to Retrieve Secrets from AWS Secrets Manager

You can now retrieve the stored secret using the AWS SDK you downloaded. In this article, I've shown how to retrieve a secret from AWS Secrets Manager using the Python SDK (boto3).

[root@centos9 tmp]# cat retrive_secert.py
# Use this code snippet in your app.
# If you need more information about configurations
# or implementing the sample code, visit the AWS docs:
# https://aws.amazon.com/developer/language/python/

import boto3
from botocore.exceptions import ClientError


def get_secret():
    # Name of the secret as stored in Secrets Manager, and the region it lives in
    secret_name = "prod-bdrdb-test"
    region_name = "us-east-1"

    # Create a Secrets Manager client. Credentials come from the normal boto3
    # credential chain (instance/role credentials, environment, ~/.aws/credentials),
    # so no access keys need to be embedded in the script.
    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )

    try:
        get_secret_value_response = client.get_secret_value(
            SecretId=secret_name
        )
    except ClientError as e:
        # For a list of exceptions thrown, see
        # https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
        raise e

    # SecretString holds the JSON key/value pairs entered in the console
    secret = get_secret_value_response['SecretString']
    print(secret)


# Your code goes here.
get_secret()
[root@centos9 tmp]#

Result:

[root@centos9 tmp]# python3 retrive_secert.py
{"bdr_admin":"Test@123"}
[root@centos9 tmp]#

Conclusion

AWS Secrets Manager simplifies the management of sensitive information in your applications by providing a centralized and secure storage solution. It is designed to enhance security, streamline credential management, and reduce the complexity of handling secrets in your environment.
