AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Using Secrets Manager, you can secure and manage secrets used to access resources in the AWS Cloud, on third-party services, and on-premises.
AWS Secrets Manager protects access to your applications, services, and IT resources without the upfront investment and ongoing maintenance costs of operating your own secrets-management infrastructure.
Secrets Manager is for IT administrators looking for a secure and scalable method to store and manage secrets. Security administrators responsible for meeting regulatory and compliance requirements can use Secrets Manager to monitor secrets and rotate secrets without a risk of impacting applications. Developers who want to replace hardcoded secrets in their applications can retrieve secrets programmatically from Secrets Manager.
AWS Secrets Manager enables you to store, retrieve, control access to, rotate, audit, and monitor secrets centrally.
Secrets are encrypted at rest, which reduces the likelihood of unauthorized users viewing sensitive information. To retrieve secrets, you replace plaintext secrets in your applications with code that pulls them in programmatically through the Secrets Manager APIs. You use AWS Identity and Access Management (IAM) policies to control which users and applications can access each secret. You can rotate passwords, on a schedule or on demand, for supported database types hosted on AWS, without a risk of impacting applications. You can extend this functionality to rotate other secrets, such as passwords for Oracle databases hosted on Amazon EC2 or OAuth refresh tokens, by modifying the sample Lambda functions. You can also audit and monitor secrets, because Secrets Manager integrates with AWS CloudTrail, Amazon CloudWatch, and Amazon Simple Notification Service (Amazon SNS): CloudTrail records every API call against a secret, including retrievals, without logging the secret value itself.
You can manage secrets such as database credentials, on-premises resource credentials, SaaS application credentials, third-party API keys, and Secure Shell (SSH) keys. Secrets Manager stores a secret value as a JSON document or any other text of up to 64 KB.
You can natively rotate credentials for Amazon Relational Database Service (RDS), Amazon DocumentDB, and Amazon Redshift. You can extend Secrets Manager to rotate other secrets, such as credentials for Oracle databases hosted on EC2 or OAuth refresh tokens, by modifying sample AWS Lambda functions available in the Secrets Manager documentation.
First, write an AWS Identity and Access Management (IAM) policy that permits your application to access specific secrets. Then, in the application source code, replace the plaintext secrets with code that retrieves them programmatically using the Secrets Manager APIs. For complete details and examples, see the AWS Secrets Manager User Guide.
To get started with AWS Secrets Manager:
Please visit the AWS Region Table to see the current region availability for AWS services.
AWS Secrets Manager enables you to configure database credential rotation on a schedule, so you can follow security best practice and rotate database credentials safely. When Secrets Manager initiates a rotation with the clone-user (alternating users) strategy, it uses the superuser (master) database credentials you provided to create a clone of the application user with the same privileges but a different password. Secrets Manager then makes the clone user's credentials the current version of the secret, so applications that retrieve the secret receive the new credentials while connections already opened with the previous user keep working. To learn more about rotation, refer to the AWS Secrets Manager Rotation Guide.
Rotating a secret does not affect connections that are already open. Authentication happens when a connection is established, so when AWS Secrets Manager rotates a database credential the open connection is not re-authenticated. New connections must present the current credentials, so an application that caches the secret should refresh it periodically and re-fetch it when the database rejects the cached credentials.
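The retrieval pattern from the answers above, as an added example in Python (it is not AWS's, boto3's or the Secrets Manager SDK's own code): a hard-coded credential is replaced by a cached programmatic fetch, and a connection attempt that fails after a rotation invalidates the cache and retries once with the fresh AWSCURRENT version. It assumes boto3's `get_secret_value(SecretId=...)` response shape and a hypothetical DB driver `connect(username, password)` that raises on bad credentials; `FakeSecretsManager` and `FakeDatabase` are constructed stand-ins so the block runs offline, and the rotation simulated is the single-user kind, where the existing user's password changes.

```python
"""Replace a hard-coded database credential with a Secrets Manager fetch,
cache it, and recover when a rotation invalidates the cached password.

Added example, not AWS's or boto3's code. `client` is anything exposing
boto3's `get_secret_value(SecretId=...)` (for real use:
boto3.client("secretsmanager")); `connect(username, password)` is a
hypothetical DB driver call that raises AuthError on bad credentials.
FakeSecretsManager and FakeDatabase are constructed stand-ins.
"""
import json
import time


class AuthError(Exception):
    """Raised by the (hypothetical) DB driver when credentials are rejected."""


class SecretCache:
    """Serve a parsed secret from memory for `ttl` seconds; `invalidate()`
    forces the next `get()` back to Secrets Manager."""

    def __init__(self, client, secret_id, ttl=300, clock=time.monotonic):
        self.client = client
        self.secret_id = secret_id
        self.ttl = ttl
        self.clock = clock
        self._value = None
        self._expires = 0.0
        self.fetches = 0  # number of API calls made (for tests and metrics)

    def get(self):
        if self._value is None or self.clock() >= self._expires:
            self._value = self._fetch()
            self._expires = self.clock() + self.ttl
        return self._value

    def invalidate(self):
        self._value = None

    def _fetch(self):
        # Without VersionStage/VersionId, the AWSCURRENT version is returned.
        resp = self.client.get_secret_value(SecretId=self.secret_id)
        self.fetches += 1
        if "SecretString" in resp:
            raw = resp["SecretString"]
        else:
            raw = resp["SecretBinary"].decode("utf-8")  # boto3 hands back bytes
        try:
            return json.loads(raw)
        except json.JSONDecodeError:
            return {"value": raw}  # plain-text secret, wrapped for uniform access


def connect_with_rotation_retry(cache, connect):
    """Connect with the cached credential; if the database rejects it,
    drop the cache and retry once with the freshly fetched AWSCURRENT."""
    for attempt in range(2):
        creds = cache.get()
        try:
            return connect(creds["username"], creds["password"])
        except AuthError:
            if attempt == 1:
                raise  # fresh credentials also failed: a real auth problem
            cache.invalidate()
    raise AssertionError("unreachable")


class FakeSecretsManager:
    """Constructed stand-in: returns whatever JSON `current` holds."""

    def __init__(self, username, password):
        self.current = json.dumps({"username": username, "password": password})

    def get_secret_value(self, SecretId):
        return {"Name": SecretId, "SecretString": self.current,
                "VersionStages": ["AWSCURRENT"]}


class FakeDatabase:
    """Constructed stand-in: accepts only the password currently set for a user."""

    def __init__(self, username, password):
        self.valid = {username: password}

    def connect(self, username, password):
        if self.valid.get(username) != password:
            raise AuthError("authentication failed for %s" % username)
        return ("connection", username)

    def rotate(self, username, new_password):
        self.valid[username] = new_password


if __name__ == "__main__":
    sm = FakeSecretsManager("app", "pw-v1")
    db = FakeDatabase("app", "pw-v1")
    cache = SecretCache(sm, "prod/app/db")
    print(connect_with_rotation_retry(cache, db.connect))
    # Simulated rotation: database and Secrets Manager move to pw-v2,
    # while the cache still holds pw-v1 for up to `ttl` seconds.
    db.rotate("app", "pw-v2")
    sm.current = json.dumps({"username": "app", "password": "pw-v2"})
    print(connect_with_rotation_retry(cache, db.connect))  # refetch, then succeed
    print("API calls:", cache.fetches)
```

Keep the cache TTL short relative to the rotation schedule, and retry through the cache rather than around it: the TTL bounds how long a stale credential is served, and the single invalidate-and-retry covers the window between a rotation and the next expiry without turning every transient failure into a storm of API calls.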
You can configure Amazon CloudWatch Events (now Amazon EventBridge) to receive a notification when AWS Secrets Manager rotates a secret; the rotation API calls are also recorded in AWS CloudTrail. You can also see when Secrets Manager last rotated a secret using the Secrets Manager console or the APIs.
AWS Secrets Manager encrypts secrets at rest using AWS Key Management Service (KMS) keys in your account. You control access to a secret with AWS Identity and Access Management (IAM) policies, and, for a secret encrypted under a customer managed key, the caller also needs permission to use that key. When you retrieve a secret, Secrets Manager decrypts it and transmits it to the caller over TLS. Secrets Manager does not write or cache the plaintext secret to persistent storage; once it is in your environment, keeping it out of logs and off disk is your application's responsibility.
You can use AWS Identity and Access Management (IAM) policies to control which users and applications can retrieve or manage specific secrets. For example, you can create a policy that only enables developers to retrieve the secrets used for the development environment, by scoping the policy's Resource to the ARNs of those secrets (for instance, a shared name prefix) or by using conditions on the secrets' tags. To learn more, visit Authentication and Access Control for AWS Secrets Manager.
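A least-privilege policy for the development-environment case in the answer above, as an added example in Python (not AWS's own code): it generates the policy document and includes a small evaluator to check which secret ARNs it grants. The `dev/` naming prefix, the account number, region and KMS key ARN are assumed placeholders; `kms:ViaService` is a real IAM condition key. The evaluator handles Allow statements with wildcard Action/Resource only and ignores Condition blocks, which is enough to unit-test that production ARNs stay outside the grant.

```python
"""Least-privilege read policy for one environment's secrets, plus a
small evaluator to check which ARNs it grants.

Added example, not AWS's own code. Assumes secrets are named with an
environment prefix (dev/..., prod/...); the account, region and KMS key
ARN are placeholders. The evaluator understands Allow statements with
wildcard Action/Resource and ignores Condition blocks.
"""
import fnmatch
import json


def read_only_policy(env, region, account, kms_key_arn):
    """Grant GetSecretValue/DescribeSecret on secrets under `<env>/` and the
    kms:Decrypt that Secrets Manager performs on the caller's behalf when the
    secret is encrypted with a customer managed key."""
    # Secrets Manager appends a random suffix to the secret name in the ARN
    # (secret:dev/app/db-AbCdEf), so the Resource must end in a wildcard.
    # The slash before the wildcard matters: "dev*" would also match "devops/".
    secret_arn_pattern = f"arn:aws:secretsmanager:{region}:{account}:secret:{env}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": f"Read{env.capitalize()}Secrets",
                "Effect": "Allow",
                "Action": ["secretsmanager:GetSecretValue",
                           "secretsmanager:DescribeSecret"],
                "Resource": secret_arn_pattern,
            },
            {
                "Sid": "DecryptOnlyViaSecretsManager",
                "Effect": "Allow",
                "Action": "kms:Decrypt",
                "Resource": kms_key_arn,
                # Without this condition the principal could call kms:Decrypt
                # directly on anything else encrypted under the same key.
                "Condition": {"StringEquals": {
                    "kms:ViaService": f"secretsmanager.{region}.amazonaws.com"}},
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows(policy, action, resource_arn):
    """True if some Allow statement matches both action and resource.
    IAM wildcards (* and ?) map onto fnmatch; actions compare
    case-insensitively and resources case-sensitively, as in IAM."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource_arn, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False


if __name__ == "__main__":
    policy = read_only_policy(
        "dev", "us-east-1", "123456789012",
        "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555")
    print(json.dumps(policy, indent=2))
    dev_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:dev/app/db-AbCdEf"
    prod_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/app/db-GhIjKl"
    print(allows(policy, "secretsmanager:GetSecretValue", dev_arn))   # True
    print(allows(policy, "secretsmanager:GetSecretValue", prod_arn))  # False
```

Attach the generated document to the application's role rather than to individual users, and keep write actions (PutSecretValue, UpdateSecret, RotateSecret) in a separate policy for the administrators who need them.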
AWS Secrets Manager uses envelope encryption with AES-256: each secret is encrypted with its own data key, and that data key is itself encrypted under an AWS KMS key.
When you create a secret, you can specify the AWS KMS key used to encrypt it. If you do not provide one, Secrets Manager uses the AWS managed key for Secrets Manager in your account (aws/secretsmanager), creating it if necessary. When a secret is stored, Secrets Manager requests a plaintext data key and an encrypted copy of it from KMS, uses the plaintext data key to encrypt the secret in memory, and then stores only the encrypted secret together with the encrypted data key. When a secret is retrieved, Secrets Manager asks KMS to decrypt the data key under the same KMS key and uses the resulting plaintext data key to decrypt the secret. The KMS key never leaves KMS, the data key is stored only in encrypted form and is never written to disk in plaintext, and Secrets Manager does not write or cache the plaintext secret to persistent storage. Because retrieval requires a KMS Decrypt call, a caller reading a secret encrypted with a customer managed key needs kms:Decrypt on that key in addition to secretsmanager:GetSecretValue.
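The envelope-encryption flow described above, worked through locally as an added example in Python (not AWS's or Secrets Manager's own code): a per-secret AES-256-GCM data key encrypts the secret, a key-encryption key that never leaves the `FakeKms` stand-in wraps the data key, and only the ciphertext and the wrapped data key persist. `FakeKms` is a constructed stand-in for KMS GenerateDataKey and Decrypt (the real calls are `boto3.client("kms").generate_data_key(...)` and `.decrypt(...)`); the secret identifier is bound to both ciphertexts as associated data, playing the role of a KMS encryption context. The `cryptography` package is assumed to be installed.

```python
"""Envelope encryption as the answer above describes it, worked through
locally: a data key encrypts the secret, a key-encryption key that never
leaves "KMS" wraps the data key, and only ciphertext plus the wrapped key
are persisted.

Added example, not AWS's or Secrets Manager's code. FakeKms is a
constructed stand-in for KMS GenerateDataKey/Decrypt. Assumes the
`cryptography` package is installed.
"""
import os
from dataclasses import dataclass

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the standard size for AES-GCM


class FakeKms:
    """Holds key-encryption keys (KEKs) and never returns them in plaintext."""

    def __init__(self):
        self._keks = {}

    def create_key(self):
        key_id = "key-" + os.urandom(4).hex()
        self._keks[key_id] = AESGCM.generate_key(bit_length=256)
        return key_id

    def generate_data_key(self, key_id, context):
        """Like KMS GenerateDataKey: returns (plaintext_dk, wrapped_dk).
        `context` stands in for the KMS encryption context; it is bound to
        the wrapped key as associated data, so the key only unwraps with
        the same context."""
        data_key = AESGCM.generate_key(bit_length=256)
        nonce = os.urandom(NONCE_LEN)
        wrapped = nonce + AESGCM(self._keks[key_id]).encrypt(nonce, data_key, context)
        return data_key, wrapped

    def decrypt(self, key_id, wrapped, context):
        """Like KMS Decrypt applied to a wrapped data key."""
        nonce, ciphertext = wrapped[:NONCE_LEN], wrapped[NONCE_LEN:]
        return AESGCM(self._keks[key_id]).decrypt(nonce, ciphertext, context)


@dataclass(frozen=True)
class StoredSecret:
    """What persists: the KMS key id, the wrapped data key and the
    ciphertext. Neither the plaintext secret nor the plaintext data key
    is stored."""
    secret_id: str
    key_id: str
    wrapped_data_key: bytes
    ciphertext: bytes  # nonce || AES-256-GCM ciphertext and tag


def store_secret(kms, key_id, secret_id, plaintext):
    context = secret_id.encode()
    data_key, wrapped = kms.generate_data_key(key_id, context)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = nonce + AESGCM(data_key).encrypt(nonce, plaintext, context)
    # data_key goes out of scope here; only the wrapped copy is kept.
    return StoredSecret(secret_id, key_id, wrapped, ciphertext)


def retrieve_secret(kms, stored):
    context = stored.secret_id.encode()
    data_key = kms.decrypt(stored.key_id, stored.wrapped_data_key, context)
    nonce, ciphertext = stored.ciphertext[:NONCE_LEN], stored.ciphertext[NONCE_LEN:]
    return AESGCM(data_key).decrypt(nonce, ciphertext, context)


def tamper_is_detected(kms, stored):
    """Flip one ciphertext byte and confirm the GCM tag check rejects it."""
    body = bytearray(stored.ciphertext)
    body[-1] ^= 0x01
    tampered = StoredSecret(stored.secret_id, stored.key_id,
                            stored.wrapped_data_key, bytes(body))
    try:
        retrieve_secret(kms, tampered)
    except InvalidTag:
        return True
    return False


def rebinding_is_detected(kms, stored, other_secret_id):
    """Re-labelling a stored blob as a different secret must fail, because
    the context bound to the wrapped key no longer matches."""
    relabelled = StoredSecret(other_secret_id, stored.key_id,
                              stored.wrapped_data_key, stored.ciphertext)
    try:
        retrieve_secret(kms, relabelled)
    except InvalidTag:
        return True
    return False


if __name__ == "__main__":
    kms = FakeKms()
    key_id = kms.create_key()
    stored = store_secret(kms, key_id, "prod/app/db",
                          b'{"username": "app", "password": "pw-v1"}')
    print(retrieve_secret(kms, stored))
    print(tamper_is_detected(kms, stored), rebinding_is_detected(kms, stored, "prod/other"))
```

The point of the split is the blast radius: compromising the stored blob yields nothing without a Decrypt call against the key, which is why the `kms:Decrypt` permission (and the key policy) is part of the access control for a secret encrypted with a customer managed key, and why every such retrieval shows up in CloudTrail as a KMS call as well as a Secrets Manager call.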
With Secrets Manager, you pay only for what you use; there is no minimum fee, and there are no set-up fees or commitments to begin using the service. At the end of the month, your payment method is automatically charged for that month's usage. You are charged for the number of secrets you store and for the API requests made to the service each month.
For current pricing information, visit AWS Secrets Manager pricing.
Yes, you can try Secrets Manager at no additional charge through the AWS Secrets Manager 30-day free trial. The free trial enables you to rotate, manage, and retrieve secrets over the 30-day period. The free trial starts when you store your first secret.