Questions tagged [aws-secrets-manager]

AWS Secrets Manager helps encrypt, store, and retrieve credentials for your databases and other services. Instead of hardcoding credentials in apps, you can make calls to Secrets Manager to retrieve credentials whenever needed. Secrets Manager helps protect access to IT resources and data by rotating and managing access to secrets.

See also: What Is AWS Secrets Manager? - AWS Secrets Manager

864 questions
6 votes, 1 answer

Concatenate AWS Secrets in aws-cdk for ECS container

How do you go about making a postgres URI connection string from a Credentials.fromGeneratedSecret() call without writing the secrets out using toString()? I think I read somewhere making a lambda that does that, but man that seems kinda…
6 votes, 1 answer

Using secrets from AWS Secrets Manager in a CDK stack using ECS + Fargate

I have defined a CDK app stack using TypeScript (sensitive information randomized in the code below): import * as cdk from "@aws-cdk/core"; import * as ec2 from "@aws-cdk/aws-ec2"; import * as ecs from "@aws-cdk/aws-ecs"; import * as ecr from…
6 votes, 2 answers

AWS System Manager Parameter Store vs Secrets Manager vs Environment Variation in Lambda, when to use which

Encountered a few specific use cases that I'm somewhat confused to use which: A large number of free, public API keys. Using lambda environment variable with encryption, other developer/admin can still expose their plaintext value right in the…
6 votes, 1 answer

How do I add Secrets Manager IAM permission?

I'm reading the CDK docs about the SecretsManager and I'm not sure if I've mis-understood, but what I thought would work from their example doesn't seem to grant the permission I expected. Essentially I have a stack that contains some Lambdas, and…
Ian
6 votes, 2 answers

Question about creating credential rotation Lambda function for Aurora MySQL RDS database

I found this rotation function template, I'm going to modify this template to create my own rotation function and tell Secrets Manager to use it to perform the rotation. My question is which part in the template should I change, it's not very clear in…
6 votes, 1 answer

CloudFormation Secrets

I would like to stick to a policy of "all infrastructure is code". However, I can't see a way to do that for secrets with CloudFormation. SecretsManager requires that you specify the SecretString in plain text. Even if you inject a decrypted value…
Tim
6 votes, 2 answers

How to maintain secrets used in Dockerfile?

Below is the snippet of docker-compose file having passwords: test: build: ../../ dockerfile: docker/dev/Dockerfile volumes_from: - cache links: - db environment: DJANGO_SETTINGS_MODULE: todobackend.settings.test …
overexchange
6 votes, 3 answers

AWS Secret can't be converted into key names and value pairs

I have a python script that creates some access keys in AWS and stores them in secrets manager. However, when I store the keys I get an error that says: The secret value can't be converted to key name and value pairs The secret is stored like this…
bluethundr
6 votes, 4 answers

Aurora Serverless password rotation setup using CloudFormation (and Lambda rotation templates)

AWS has Fully Configured and Ready-to-Use Rotation Support for some supported RDS engines, including Amazon Aurora (Serverless also?) I'm trying to set up the password rotation in my CloudFormation template using AWS::SecretsManager::RotationSchedule…
5 votes, 0 answers

Terraform Import AWS Secrets Manager Secret Version

AWS maintains a secret versioning system, a new version is created if the secret value is updated or if the secret is rotated. I am in the process of getting existing secrets in AWS under the purview of Terraform. As step 1 I declared all the…
5 votes, 1 answer

AWS Secrets Manager Design/Naming Conventions?

I'm trying to think of the best naming convention for storing AWS Secrets across different projects and files accessing different database. Essentially I'm removing some legacy code from many files with hard-coded credentials. What is the best way…
andruidthedude
5 votes, 1 answer

AWS SecretsManager works in Eclipse, can't connect to Service Endpoint in ColdFusion

I have the following class written in Java using Eclipse on my Amazon EC2 instance. import java.nio.ByteBuffer; import com.amazonaws.auth.*; import com.amazonaws.client.builder.AwsClientBuilder; import…
5 votes, 2 answers

AWS SecretsManager value won't resolve

I'm using aws-cdk-lib (2.13.0). Here's a snippet of my code: import { App, Stack } from 'aws-cdk-lib'; import { Secret } from 'aws-cdk-lib/aws-secretsmanager'; export class CognitoStack extends Stack { constructor(scope: App) { super(scope,…
Brian Anderson
5 votes, 0 answers

AWS SecretsManager filter by tags?

I started in boto3, but realised this applies to CLI as well. I read a few questions that suggest I can set filter like this to get a secret with a Name of Production or Staging : res = sm.list_secrets(Filters=[ { 'Key': 'tag-key', 'Values':…
Max Allan
5 votes, 2 answers

Serverless: create api key from SecretsManager value

I have a Serverless stack deploying an API to AWS. I want to protect it using an API key stored in Secrets manager. The idea is to have the value of the key in SSM, pull it on deploy and use it as my API key. serverless.yml service:…
xShirase