AWS Secrets Manager

  • Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources.

  • The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

  • Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.

  • It offers built-in integrations for MySQL, PostgreSQL, and Aurora on RDS, and can rotate credentials for these databases natively.

  • It enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in AWS, third-party services, and on-premises.

Versioning

  • A secret can have multiple versions, which is what makes rotation possible.

  • Secrets Manager distinguishes between versions by their staging labels.

  • In most scenarios, you don't need to worry about secret versions. Secrets Manager and the provided Lambda rotation function manage these details for you.
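
The staging-label mechanics described above, as an added example that is not part of the original page and is not AWS code: a local Python model of the AWSCURRENT, AWSPENDING and AWSPREVIOUS labels over a VersionIdsToStages map in the shape DescribeSecret returns. The function names and version IDs are assumptions made for illustration, and finish_rotation is a simplified model of the last rotation step rather than the service's implementation.

```python
# Added example, not AWS code: function names and version IDs are constructed.
CURRENT, PENDING, PREVIOUS = "AWSCURRENT", "AWSPENDING", "AWSPREVIOUS"


def version_for(stages, label):
    """Return the version ID carrying `label`, or None if no version has it."""
    holders = [vid for vid, labels in stages.items() if label in labels]
    if len(holders) > 1:
        raise ValueError(f"{label} attached to several versions: {holders}")
    return holders[0] if holders else None


def rotation_status(stages):
    """Classify a VersionIdsToStages map (the shape DescribeSecret returns)."""
    current = version_for(stages, CURRENT)
    pending = version_for(stages, PENDING)
    if current is None:
        return "broken: no AWSCURRENT version"
    if pending is not None and pending != current:
        return "rotation in progress or stuck"
    return "stable"


def finish_rotation(stages):
    """Simplified model of the last rotation step: promote pending to current."""
    current = version_for(stages, CURRENT)
    pending = version_for(stages, PENDING)
    if pending is None or pending == current:
        raise ValueError("no separate AWSPENDING version to promote")
    managed = (CURRENT, PENDING, PREVIOUS)
    # Copy the map, dropping the three managed labels but keeping custom ones.
    result = {vid: [l for l in labels if l not in managed]
              for vid, labels in stages.items()}
    result[pending].append(CURRENT)
    if current is not None:
        result[current].append(PREVIOUS)
    return result


# Constructed sample: a new version was created but not yet promoted.
SAMPLE = {
    "v1-constructed": ["AWSPREVIOUS"],
    "v2-constructed": ["AWSCURRENT"],
    "v3-constructed": ["AWSPENDING"],
}

if __name__ == "__main__":
    print(rotation_status(SAMPLE))
    print(finish_rotation(SAMPLE))
```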
