
I'm currently rotating a secret on AWS Secret Manager but it seems to be using the old value shortly afterwards. Does the rotation cache the secret straight after rotation and if so for how long?

Hywel Griffiths
  • 287
  • 5
  • 16

1 Answer

1

I think what you are describing is due to lag between:

the change of the actual password and the change in the corresponding secret that tells the client which password to use incurs a risk.

which is a known phenomenon described in the AWS docs.

The AWS docs also specify:

This should typically be a few seconds, and you must allow for the time in your application code using the secret. Be sure to enable retries with some delay in between to be tolerant of this short-term outage during a rotation.

The alternative is to use two users in your database as explained here

Marcin
  • 215,873
  • 14
  • 235
  • 294
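The retry-with-delay advice quoted in the answer, turned into code as an added example (it is not part of the question, the answer, or AWS's own client libraries). The wrapper re-reads the secret on every attempt rather than reusing the first value, because the whole problem is that the value fetched a moment ago may still be the pre-rotation one; if your application also keeps a client-side cache of the secret, the retry has to bypass or invalidate that cache too. `RotationLagSimulator` is a constructed stand-in for Secrets Manager and the database during the lag window (the database already accepts the new password while `AWSCURRENT` still returns the old one), so the example runs offline; `secrets_manager_fetcher` shows how the same wrapper would be fed from the real `get_secret_value` call, and the attempt count and delays are assumptions you would tune for your own environment.

```python
"""Reconnect with back-off while a Secrets Manager rotation is in flight.

Added example, not code from the question, the answer or AWS. The
simulator is constructed to reproduce the lag the AWS docs describe:
the rotation function has already changed the database password, but
the AWSCURRENT value served by Secrets Manager lags behind for a moment.
"""
import json
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class AuthenticationError(Exception):
    """The database rejected the credentials: the observable symptom of rotation lag."""


def secrets_manager_fetcher(secret_id: str) -> Callable[[], Dict[str, str]]:
    """Return a zero-argument fetcher that reads the secret fresh on every call.

    get_secret_value without VersionStage returns the AWSCURRENT version, which is
    exactly the value that moves when rotation finishes, so it must be re-read on
    each retry rather than fetched once and reused.
    """
    import boto3  # imported lazily so the offline simulation below needs no AWS SDK

    client = boto3.client("secretsmanager")

    def fetch() -> Dict[str, str]:
        response = client.get_secret_value(SecretId=secret_id)
        return json.loads(response["SecretString"])  # assumes a JSON secret with username/password

    return fetch


def connect_with_rotation_retry(
    fetch_secret: Callable[[], Dict[str, str]],
    connect: Callable[[str, str], object],
    attempts: int = 5,          # assumed defaults; tune to your rotation window
    base_delay: float = 0.5,
    sleep: Callable[[float], None] = time.sleep,
):
    """Fetch credentials and connect, re-fetching and backing off on auth failure.

    Only AuthenticationError is retried: a network error or a bad SQL statement is
    not a rotation-lag symptom and should surface immediately.
    """
    last_error = None
    for attempt in range(attempts):
        secret = fetch_secret()  # always a fresh read: the stale value is the bug
        try:
            return connect(secret["username"], secret["password"])
        except AuthenticationError as exc:
            last_error = exc
            if attempt < attempts - 1:
                sleep(base_delay * (2 ** attempt))  # 0.5s, 1s, 2s, ... exponential back-off
    raise RuntimeError(f"credentials still rejected after {attempts} attempts") from last_error


@dataclass
class RotationLagSimulator:
    """Constructed model of the lag window: DB already on the new password,
    Secrets Manager still returning the old one for the first `stale_reads` reads."""

    db_password: str = "new-pass"
    stale_reads: int = 2
    reads: int = 0
    sleeps: List[float] = field(default_factory=list)

    def fetch_secret(self) -> Dict[str, str]:
        self.reads += 1
        password = "old-pass" if self.reads <= self.stale_reads else self.db_password
        return {"username": "app", "password": password}

    def connect(self, username: str, password: str) -> str:
        if password != self.db_password:
            raise AuthenticationError(f"password authentication failed for user {username}")
        return f"connection(user={username})"

    def sleep(self, seconds: float) -> None:  # recorded instead of slept, so the demo is instant
        self.sleeps.append(seconds)


def demo(stale_reads: int = 2, attempts: int = 5) -> RotationLagSimulator:
    """Run one reconnect against the simulator and return it for inspection."""
    sim = RotationLagSimulator(stale_reads=stale_reads)
    sim.connection = connect_with_rotation_retry(  # type: ignore[attr-defined]
        sim.fetch_secret, sim.connect, attempts=attempts, sleep=sim.sleep
    )
    return sim


if __name__ == "__main__":
    result = demo()
    print(f"connected after {result.reads} reads, back-offs {result.sleeps}: {result.connection}")
```

The back-off here is deterministic so the behaviour is easy to reason about; in production add jitter so a fleet of clients does not retry in lock-step against the database the moment rotation completes.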