Understanding AWS Secrets Manager - AWS Online Tech Talks


For customers with hundreds or thousands of secrets, such as database credentials and API keys, manually rotating and managing access to secrets can be complex to orchestrate and cause application disruptions. AWS Secrets Manager is a secrets management service that helps you protect access to your IT resources by enabling you to easily rotate and manage access to secrets centrally. In this webinar, you will learn about the benefits and key features of AWS Secrets Manager. We will demonstrate how you can use AWS Secrets Manager to rotate secrets safely, manage access to secrets with fine-grained access policies, and secure and audit your secrets centrally.

Learning Objectives:
- How you can rotate secrets safely
- How you can manage access to secrets using fine-grained access policies
- How you can secure and audit secrets centrally

💬 Comments on the video

Hi Apurv,
I tried to implement your tutorial on how to access secrets across AWS accounts by attaching a resource-based policy, but I was not able to use it. Let me know the steps for creating an IAM role with a secret key policy for this.

Author — Aman Babbar


Before using "aws" in your command line you will have to install and configure it first. In Windows it requires installing Python so you can PIP the aws-sdk. Then adding an IAM role in AWS with permission SecretsManagerReadWrite. In your cmd use "aws configure" to set the following settings:

AWS Secret Access Key: <IAM SECRET (shown only once created)>
Default region name: <REGION ie. us-west-2>
Default output format: json

Then cmd: "aws secretsmanager get-secret-value --secret-id <YOUR SECRET NAME>"

Author — Eli Peters


Where to get Lambda function snippet used for key rotation?

Author — Velu Natarajan


Can we access Secrets Manager across regions? For example, I want to use a key parameter from one region in another.

Author — Rohit Patil


Well done, easy to understand and follow.

Author — Jack Brown


This doesn't work unless you have a lot of existing setup; you will run into many VPC issues...

Author — Josh Freeman


Pretty good video with the practical examples and so on. I didn't understand whether, when there is a rotation, the previous secret remains usable for a while or is immediately removed. In the 2nd option, what happens to the application if it doesn't quickly pick up the new secret? Does it lose the database connection? Probably I'll find out in the documentation.

Author — Giuseppe Borgese


This makes it so much easier for an attacker who hacked an application and was able to impersonate it to steal all the secrets conveniently through a standardized API rather than having to go looking for them in the

Author — clray123