name: Amazon Secrets Manager
description: >-
  Amazon Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys,
  and other secrets throughout their lifecycle. It provides centralized secrets management with
  built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB, enabling automatic
  rotation of secrets without requiring application changes.
url: https://aws.amazon.com/secrets-manager/
baseURL: https://secretsmanager.amazonaws.com
kind: company
created: '2024-01-01'
modified: '2026-05-19'
tags:
  - AWS
  - Configuration
  - Credentials
  - Rotation
  - Secrets
  - Security
apis:
  - name: Amazon Secrets Manager API
    description: >-
      The Amazon Secrets Manager API for creating, managing, retrieving, and rotating secrets
      including database credentials, API keys, and other sensitive configuration.
    humanURL: https://docs.aws.amazon.com/secretsmanager/latest/apireference/
    baseURL: https://secretsmanager.{region}.amazonaws.com
    tags:
      - Security
      - Secrets
      - Credentials
      - Rotation
    properties:
      - type: Documentation
        url: https://docs.aws.amazon.com/secretsmanager/latest/apireference/
      - type: OpenAPI
        url: openapi/amazon-secrets-manager-openapi.yml
      - type: JSONSchema
        url: json-schema/amazon-secrets-manager-secret-schema.json
      - type: JSONSchema
        url: json-schema/amazon-secrets-manager-secret-value-schema.json
      - type: JSONSchema
        url: json-schema/amazon-secrets-manager-rotation-rules-schema.json
common:
  - type: PostmanWorkspace
    url: https://www.postman.com/kinlaneapi/amazon-secrets-manager/overview
  - type: ArazzoWorkflows
    url: arazzo/
    workflows:
      - url: arazzo/amazon-secrets-manager-create-and-read-secret-workflow.yml
        name: Amazon Secrets Manager Create and Read Secret
        summary: Create a new secret, then immediately retrieve its decrypted value to confirm it was stored.
      - url: arazzo/amazon-secrets-manager-find-and-delete-secret-workflow.yml
        name: Amazon Secrets Manager Find and Delete Secret
        summary: >-
          List secrets filtered by name, branch on whether a match exists, then describe and
          schedule deletion of the matched secret.
      - url: arazzo/amazon-secrets-manager-generate-password-and-store-secret-workflow.yml
        name: Amazon Secrets Manager Generate Password and Store Secret
        summary: Generate a random password, store it as a new secret, then read the secret value back to confirm it was saved.
      - url: arazzo/amazon-secrets-manager-restore-deleted-secret-workflow.yml
        name: Amazon Secrets Manager Restore Deleted Secret
        summary: >-
          Cancel the scheduled deletion of a secret with RestoreSecret, then describe it to
          confirm the DeletedDate was cleared.
      - url: arazzo/amazon-secrets-manager-rotate-and-describe-workflow.yml
        name: Amazon Secrets Manager Rotate and Describe
        summary: >-
          Start rotation on a secret with a Lambda rotation function, then describe it to
          confirm rotation is configured.
      - url: arazzo/amazon-secrets-manager-rotate-version-and-verify-workflow.yml
        name: Amazon Secrets Manager Put New Version and Verify
        summary: >-
          Store a new encrypted version of a secret with PutSecretValue, then read the current
          value to confirm the update.
      - url: arazzo/amazon-secrets-manager-tag-secret-and-verify-workflow.yml
        name: Amazon Secrets Manager Tag Secret and Verify
        summary: >-
          Attach tags to a secret with TagResource, then describe the secret to confirm the tags
          are present in its metadata.
      - url: arazzo/amazon-secrets-manager-update-metadata-and-verify-workflow.yml
        name: Amazon Secrets Manager Update Metadata and Verify
        summary: >-
          Update a secret's description and KMS key with UpdateSecret, then describe it to
          confirm the new metadata was applied.
  - type: Portal
    url: https://aws.amazon.com/
  - type: GettingStarted
    url: https://aws.amazon.com/secrets-manager/getting-started/
  - type: Documentation
    url: https://docs.aws.amazon.com/secretsmanager/latest/userguide/
  - type: APIReference
    url: https://docs.aws.amazon.com/secretsmanager/latest/apireference/
  - type: Console
    url: https://console.aws.amazon.com/secretsmanager/
  - type: SignUp
    url: https://portal.aws.amazon.com/billing/signup
  - type: Pricing
    url: https://aws.amazon.com/secrets-manager/pricing/
  - type: FAQ
    url: https://aws.amazon.com/secrets-manager/faqs/
  - type: Blog
    url: https://aws.amazon.com/blogs/security/
  - type: StatusPage
    url: https://health.aws.amazon.com/health/status
  - type: Support
    url: https://aws.amazon.com/support/
  - type: TermsOfService
    url: https://aws.amazon.com/service-terms/
  - type: PrivacyPolicy
    url: https://aws.amazon.com/privacy/
  - type: Security
    url: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security.html
  - type: Compliance
    url: https://aws.amazon.com/compliance/
  - type: GitHubOrganization
    url: https://github.com/aws
  - type: YouTube
    url: https://www.youtube.com/user/AmazonWebServices
  - type: StackOverflow
    url: https://stackoverflow.com/questions/tagged/aws-secrets-manager
  - type: KnowledgeCenter
    url: https://repost.aws/knowledge-center
  - type: CLI
    url: https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/
  - type: SpectralRules
    url: rules/amazon-secrets-manager-spectral-rules.yml
  - type: Vocabulary
    url: vocabulary/amazon-secrets-manager-vocabulary.yaml
  - type: Features
    data:
      - name: Automatic Secret Rotation
        description: >-
          Automatically rotate secrets on a schedule using AWS Lambda rotation functions without
          changing application code.
      - name: Centralized Secret Storage
        description: Store and manage all secrets in a single, centralized location with fine-grained access controls.
      - name: Native Database Integration
        description: Built-in integration with Amazon RDS, Aurora, Redshift, and DocumentDB for automatic credential rotation.
      - name: Secret Versioning
        description: Maintain multiple versions of a secret simultaneously to support zero-downtime rotation.
      - name: Audit and Compliance
        description: Log all secret access and management actions via AWS CloudTrail for compliance and audit purposes.
      - name: Cross-Account Access
        description: Share secrets across AWS accounts using resource-based policies.
      - name: Encryption at Rest
        description: All secrets are encrypted at rest using AWS KMS keys you control.
      - name: Random Password Generation
        description: Generate cryptographically secure random passwords with configurable complexity requirements.
  - type: UseCases
    data:
      - name: Database Credential Management
        description: Automatically rotate and manage database credentials for RDS, Aurora, and other databases.
      - name: API Key Storage
        description: Securely store and retrieve API keys, OAuth tokens, and other third-party service credentials.
      - name: Application Configuration
        description: Centralize sensitive application configuration such as connection strings and encryption keys.
      - name: Cross-Service Credentials
        description: Share service-to-service credentials securely across microservices without embedding in code.
      - name: Compliance Secret Rotation
        description: Meet compliance requirements like PCI DSS and SOC 2 by enforcing regular credential rotation.
      - name: Secrets Lifecycle Governance
        description: Enforce organizational policies on secret creation, rotation schedules, and access patterns.
  - type: Integrations
    data:
      - name: Amazon RDS
        description: Native integration for automatic rotation of RDS database credentials.
      - name: Amazon Aurora
        description: Built-in support for rotating Aurora database master user passwords.
      - name: Amazon Redshift
        description: Automatic rotation of Redshift cluster credentials.
      - name: Amazon DocumentDB
        description: Native rotation support for DocumentDB user credentials.
      - name: AWS Lambda
        description: Lambda-powered custom rotation functions for any secret type.
      - name: AWS CloudTrail
        description: Audit logging of all Secrets Manager API calls via CloudTrail.
      - name: AWS KMS
        description: Encryption of secrets at rest using customer-managed KMS keys.
      - name: AWS IAM
        description: Fine-grained access control for secrets using IAM policies and resource-based policies.
      - name: AWS CloudFormation
        description: Provision and manage secrets as part of CloudFormation stacks.
  - type: JSONLD
    url: json-ld/amazon-secrets-manager-context.jsonld
  - type: JSONSchema
    url: json-schema/amazon-secrets-manager-get-random-password-response-schema.json
  - type: JSONSchema
    url: json-schema/amazon-secrets-manager-list-secrets-response-schema.json
  - type: JSONSchema
    url: json-schema/amazon-secrets-manager-tag-schema.json
  - type: JSONStructure
    url: json-structure/amazon-secrets-manager-get-random-password-response-structure.json
  - type: JSONStructure
    url: json-structure/amazon-secrets-manager-list-secrets-response-structure.json
  - type: JSONStructure
    url: json-structure/amazon-secrets-manager-rotation-rules-structure.json
  - type: JSONStructure
    url: json-structure/amazon-secrets-manager-secret-structure.json
  - type: JSONStructure
    url: json-structure/amazon-secrets-manager-secret-value-structure.json
  - type: JSONStructure
    url: json-structure/amazon-secrets-manager-tag-structure.json
  - type: Example
    url: examples/amazon-secrets-manager-get-random-password-response-example.json
  - type: Example
    url: examples/amazon-secrets-manager-list-secrets-response-example.json
  - type: Example
    url: examples/amazon-secrets-manager-rotation-rules-example.json
  - type: Example
    url: examples/amazon-secrets-manager-secret-example.json
  - type: Example
    url: examples/amazon-secrets-manager-secret-value-example.json
  - type: Example
    url: examples/amazon-secrets-manager-tag-example.json
  - type: Integrations
    url: https://aws.amazon.com/partners/
maintainer: Kin Lane
integrations:
  - name: Partner Programs
  - name: Resources
  - name: Success Stories
  - name: Work with an AWS Partner
  - name: AWS Marketplace
  - name: AWS Partner Central
  - name: Partner Paths
  - name: co-sell with AWS