Secrets Manager

Definition

AWS Secrets Manager is a service for managing, retrieving, and rotating database credentials, API keys, and other secrets securely and efficiently.

Use Cases

Provider Equivalents

Frequently Asked Questions

What's the difference between AWS Secrets Manager and AWS Systems Manager Parameter Store?

Both can store sensitive values. Secrets Manager is purpose-built for managing secrets and is commonly used for database credentials and API keys, including automated rotation workflows. Parameter Store is a general configuration and parameter service (including SecureString values) and is often used for app configuration; it does not offer rotation as a primary built-in feature in the same way, so rotation is typically handled by your own automation.

When should I use AWS Secrets Manager?

Use it when you need to store sensitive values (database passwords, API keys, OAuth client secrets), control access with IAM, audit access, and especially when you want automated rotation to reduce the risk of long-lived credentials. It’s a strong fit for production workloads where secrets must be updated regularly without redeploying apps or causing downtime.

How much does AWS Secrets Manager cost?

Pricing is based on the number of secrets stored and the number of API calls to retrieve/manage them, plus any additional costs for related services you use (for example, AWS KMS key usage and AWS Lambda invocations for rotation). Costs increase with more secrets, higher retrieval frequency, and more frequent rotation.
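The answers on rotation without redeploying and on per-API-call pricing both come down to how an application fetches its secret. The following is an added example, not AWS or page code: a small in-memory cache that calls `get_secret_value` only when its TTL expires or when the downstream service rejects the cached credentials. `FakeSecretsClient`, the use of `PermissionError` as the auth-failure signal, and the secret layout are assumptions made so the example runs offline; in a real application the client would be `boto3.client("secretsmanager")`.

```python
import json
import time


class CachedSecret:
    """Caches one secret in memory; re-fetches after ttl seconds or on demand."""

    def __init__(self, client, secret_id, ttl=300.0, clock=time.monotonic):
        self._client = client
        self._secret_id = secret_id
        self._ttl = ttl
        self._clock = clock
        self._value = None
        self._expires = 0.0

    def get(self, force_refresh=False):
        if force_refresh or self._value is None or self._clock() >= self._expires:
            # Same call shape as boto3's Secrets Manager get_secret_value.
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            self._value = json.loads(resp["SecretString"])
            self._expires = self._clock() + self._ttl
        return self._value


def call_with_secret(cache, operation):
    """Run operation(creds); on an auth failure, refresh once and retry.

    PermissionError is an assumed stand-in for the downstream service's
    "bad credentials" error (for example a database login failure).
    """
    try:
        return operation(cache.get())
    except PermissionError:
        # The secret was probably rotated since it was cached: fetch it again.
        return operation(cache.get(force_refresh=True))


class FakeSecretsClient:
    """Constructed offline stand-in for boto3.client("secretsmanager")."""

    def __init__(self, password):
        self.password = password
        self.calls = 0  # number of billable retrievals made

    def get_secret_value(self, SecretId):
        self.calls += 1
        body = {"username": "app", "password": self.password}
        return {"Name": SecretId, "SecretString": json.dumps(body)}
```

The retry happens only once per call, so a genuinely wrong secret still surfaces as an error instead of looping against the API.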

Category: security

Difficulty: intermediate

See Also