name: Amazon Secrets Manager description: Amazon Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycle. It provides centralized secrets management with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB, enabling automatic rotation of secrets without requiring application changes. url: https://aws.amazon.com/secrets-manager/ baseURL: https://secretsmanager.amazonaws.com kind: company created: '2024-01-01' modified: '2026-05-19' tags: - AWS - Configuration - Credentials - Rotation - Secrets - Security apis: - name: Amazon Secrets Manager API description: The Amazon Secrets Manager API for creating, managing, retrieving, and rotating secrets including database credentials, API keys, and other sensitive configuration. humanURL: https://docs.aws.amazon.com/secretsmanager/latest/apireference/ baseURL: https://secretsmanager.{region}.amazonaws.com tags: - Security - Secrets - Credentials - Rotation properties: - type: Documentation url: https://docs.aws.amazon.com/secretsmanager/latest/apireference/ - type: OpenAPI url: openapi/amazon-secrets-manager-openapi.yml - type: JSONSchema url: json-schema/amazon-secrets-manager-secret-schema.json - type: JSONSchema url: json-schema/amazon-secrets-manager-secret-value-schema.json - type: JSONSchema url: json-schema/amazon-secrets-manager-rotation-rules-schema.json - type: NaftikoCapability url: capabilities/amazon-secrets-manager-general.yaml - type: NaftikoCapability url: capabilities/amazon-secrets-manager-passwords.yaml - type: NaftikoCapability url: capabilities/amazon-secrets-manager-rotation.yaml - type: NaftikoCapability url: capabilities/amazon-secrets-manager-secrets.yaml common: - type: Portal url: https://aws.amazon.com/ - type: GettingStarted url: https://aws.amazon.com/secrets-manager/getting-started/ - type: Documentation url: https://docs.aws.amazon.com/secretsmanager/latest/userguide/ - type: APIReference url: https://docs.aws.amazon.com/secretsmanager/latest/apireference/ - type: Console url: https://console.aws.amazon.com/secretsmanager/ - type: SignUp url: https://portal.aws.amazon.com/billing/signup - type: Pricing url: https://aws.amazon.com/secrets-manager/pricing/ - type: FAQ url: https://aws.amazon.com/secrets-manager/faqs/ - type: Blog url: https://aws.amazon.com/blogs/security/ - type: StatusPage url: https://health.aws.amazon.com/health/status - type: Support url: https://aws.amazon.com/support/ - type: TermsOfService url: https://aws.amazon.com/service-terms/ - type: PrivacyPolicy url: https://aws.amazon.com/privacy/ - type: Security url: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security.html - type: Compliance url: https://aws.amazon.com/compliance/ - type: GitHubOrganization url: https://github.com/aws - type: YouTube url: https://www.youtube.com/user/AmazonWebServices - type: StackOverflow url: https://stackoverflow.com/questions/tagged/aws-secrets-manager - type: KnowledgeCenter url: https://repost.aws/knowledge-center - type: CLI url: https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/ - type: SpectralRules url: rules/amazon-secrets-manager-spectral-rules.yml - type: Vocabulary url: vocabulary/amazon-secrets-manager-vocabulary.yaml - type: Features data: - name: Automatic Secret Rotation description: Automatically rotate secrets on a schedule using AWS Lambda rotation functions without changing application code. - name: Centralized Secret Storage description: Store and manage all secrets in a single, centralized location with fine-grained access controls. - name: Native Database Integration description: Built-in integration with Amazon RDS, Aurora, Redshift, and DocumentDB for automatic credential rotation. - name: Secret Versioning description: Maintain multiple versions of a secret simultaneously to support zero-downtime rotation. - name: Audit and Compliance description: Log all secret access and management actions via AWS CloudTrail for compliance and audit purposes. - name: Cross-Account Access description: Share secrets across AWS accounts using resource-based policies. - name: Encryption at Rest description: All secrets are encrypted at rest using AWS KMS keys you control. - name: Random Password Generation description: Generate cryptographically secure random passwords with configurable complexity requirements. - type: UseCases data: - name: Database Credential Management description: Automatically rotate and manage database credentials for RDS, Aurora, and other databases. - name: API Key Storage description: Securely store and retrieve API keys, OAuth tokens, and other third-party service credentials. - name: Application Configuration description: Centralize sensitive application configuration such as connection strings and encryption keys. - name: Cross-Service Credentials description: Share service-to-service credentials securely across microservices without embedding in code. - name: Compliance Secret Rotation description: Meet compliance requirements like PCI DSS and SOC 2 by enforcing regular credential rotation. - name: Secrets Lifecycle Governance description: Enforce organizational policies on secret creation, rotation schedules, and access patterns. - type: Integrations data: - name: Amazon RDS description: Native integration for automatic rotation of RDS database credentials. - name: Amazon Aurora description: Built-in support for rotating Aurora database master user passwords. - name: Amazon Redshift description: Automatic rotation of Redshift cluster credentials. - name: Amazon DocumentDB description: Native rotation support for DocumentDB user credentials. - name: AWS Lambda description: Lambda-powered custom rotation functions for any secret type. - name: AWS CloudTrail description: Audit logging of all Secrets Manager API calls via CloudTrail. - name: AWS KMS description: Encryption of secrets at rest using customer-managed KMS keys. - name: AWS IAM description: Fine-grained access control for secrets using IAM policies and resource-based policies. - name: AWS CloudFormation description: Provision and manage secrets as part of CloudFormation stacks. - type: JSONLD url: json-ld/amazon-secrets-manager-context.jsonld - type: JSONSchema url: json-schema/amazon-secrets-manager-get-random-password-response-schema.json - type: JSONSchema url: json-schema/amazon-secrets-manager-list-secrets-response-schema.json - type: JSONSchema url: json-schema/amazon-secrets-manager-tag-schema.json - type: JSONStructure url: json-structure/amazon-secrets-manager-get-random-password-response-structure.json - type: JSONStructure url: json-structure/amazon-secrets-manager-list-secrets-response-structure.json - type: JSONStructure url: json-structure/amazon-secrets-manager-rotation-rules-structure.json - type: JSONStructure url: json-structure/amazon-secrets-manager-secret-structure.json - type: JSONStructure url: json-structure/amazon-secrets-manager-secret-value-structure.json - type: JSONStructure url: json-structure/amazon-secrets-manager-tag-structure.json - type: Example url: examples/amazon-secrets-manager-get-random-password-response-example.json - type: Example url: examples/amazon-secrets-manager-list-secrets-response-example.json - type: Example url: examples/amazon-secrets-manager-rotation-rules-example.json - type: Example url: examples/amazon-secrets-manager-secret-example.json - type: Example url: examples/amazon-secrets-manager-secret-value-example.json - type: Example url: examples/amazon-secrets-manager-tag-example.json - type: Integrations url: https://aws.amazon.com/partners/ maintainer: Kin Lane integrations: - name: Partner Programs - name: Resources - name: Success Stories - name: Work with an AWS Partner - name: AWS Marketplace - name: AWS Partner Central - name: Partner Paths - name: co-sell with AWS