1

I am creating a new secret in AWS Secrets Manager from the AWS console, and I used the default encryption key to encrypt it. When I retrieve the secret from the console, I see it as plain text. Can the secret be encrypted (not seen as plain text) and saved in the AWS console?

1 Answer

2

By default, access to AWS Secrets Manager is private and not allowed to any IAM users or roles. The fact that you or someone else can view them means they have been explicitly allowed to access the secrets.

Thus, if you have any users who should not see the secrets, deny them secretsmanager:GetSecretValue permissions or any actions that you don't want them to be able to perform.

Marcin
  • So that means, if I have another admin user, there is no way that I can encrypt the access token in the Secrets Manager console, but to add policies in IAM – Aishvarya Suryawanshi Dec 03 '20 at 12:48
  • @AishvaryaSuryawanshi That's correct. By default admin can do everything, unless you specify otherwise using IAM policies. But then, if they have rights to manage IAM policies in the first place, they can modify the policies as they wish. – Marcin Dec 03 '20 at 22:36
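
An added example, not part of the original answer or comments: an identity-based policy that denies `secretsmanager:GetSecretValue` on one secret, checked with a simplified model of IAM evaluation (explicit Deny beats Allow; conditions, resource policies, SCPs and permission boundaries are ignored). The account ID, secret name and user ARN are constructed placeholders, and `is_allowed` is a hypothetical helper, not an AWS API.

```python
import fnmatch
import json

# Constructed placeholder ARN; "??????" covers the random suffix of a secret ARN.
SECRET_ARN = ("arn:aws:secretsmanager:us-east-1:111122223333:"
              "secret:example/access-token-??????")

# What an administrator typically holds: every action on every resource.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Policy to attach to users who must not read the secret value.
DENY_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyReadingSecretValue",
        "Effect": "Deny",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": SECRET_ARN,
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policies, action, resource):
    """Simplified IAM model: explicit Deny wins, then Allow, else implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive; ARNs are matched as written.
            if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
                       for a in _as_list(stmt["Action"])):
                continue
            if not any(fnmatch.fnmatchcase(resource, r)
                       for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False  # one matching Deny overrides every Allow
            allowed = True
    return allowed

if __name__ == "__main__":
    print(json.dumps(DENY_READ_POLICY, indent=2))  # JSON to paste into IAM
```

In this model the Deny blocks only the read of the secret value; an IAM action such as `iam:DetachUserPolicy` is still allowed for the admin, which is the caveat in the last comment.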