AWS Secrets Manager Flashcards

1
Q

AWS Secrets Manager

A

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources.

2
Q

The service enables you to:

A

The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

3
Q

Users and applications retrieve secrets with a:

A

Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.

4
Q

Secrets Manager offers secret rotation:

A

Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, and Amazon DocumentDB.

Also, the service is extensible to other types of secrets, including API keys and OAuth tokens. In addition, Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises.

5
Q

Secrets Manager vs SSM Parameter Store

A

Automatic Key Rotation

Secrets Manager: Yes, built-in for some services, use Lambda for others

SSM Parameter Store: No native key rotation; can use custom Lambda

Key/Value Type

Secrets Manager: String or Binary (encrypted)

SSM Parameter Store: String, StringList, SecureString (encrypted)

Hierarchical Keys

Secrets Manager: No

SSM Parameter Store: Yes

Price

Secrets Manager: Charges apply per secret

SSM Parameter Store: Free for standard, charges for advanced

6
Q

AWS Secrets Manager Secrets Principles

A

1. AWS Secrets Manager encrypts secrets at rest using encryption keys that you own and store in AWS Key Management Service (KMS).
2. When you retrieve a secret, Secrets Manager decrypts the secret and transmits it securely over TLS to your local environment.
3. Secrets Manager does not write or cache the secret to persistent storage.
4. You can control access to the secret using fine-grained AWS Identity and Access Management (IAM) policies and resource-based policies.
5. You can also tag secrets individually and apply tag-based access controls.
6. With AWS Secrets Manager, you can rotate secrets on a schedule or on demand by using the Secrets Manager console, AWS SDK, or AWS CLI.

7
Q

How can one extend Secrets Manager?

A

You can extend Secrets Manager to rotate other secrets by modifying sample Lambda functions.

8
Q

You can store and retrieve secrets using:

A

You can store and retrieve secrets using the AWS Secrets Manager console, AWS SDK, AWS CLI, or AWS CloudFormation.

9
Q

To retrieve secrets:

A

You simply replace plain-text secrets in your applications with code that pulls those secrets in programmatically using the Secrets Manager APIs. Secrets Manager provides code samples for calling the Secrets Manager APIs.

10
Q

AWS Secrets Manager and VPC endpoints

A

You can configure Amazon Virtual Private Cloud (VPC) endpoints to keep traffic between your VPC and Secrets Manager within the AWS network.

11
Q

Secrets Manager client-side caching libraries

A

You can also use Secrets Manager client-side caching libraries to improve the availability and reduce the latency of using your secrets.

12
Q

AWS Secrets Manager enables you to audit and monitor

A

AWS Secrets Manager enables you to audit and monitor secrets through integration with AWS logging, monitoring, and notification services.
