Search for a command to run...
Managed service for centrally storing, retrieving, and rotating database credentials, API keys, and other sensitive configuration. Encrypts secrets at rest with keys you control in KMS, controls access via IAM, and automates rotation without redeploying applications.
Adopted by enterprises building on AWS for compliance requirements including HIPAA, PCI-DSS, FedRAMP, and DoD CC SRG. Differentiates from self-hosted options like HashiCorp Vault by removing operational overhead, from Parameter Store by focusing on rotation and cross-service integrations, and from environment-variable approaches by enabling audit trails and centralized management.
Key features:
Use cases span database credential management for apps and data pipelines, API key storage for microservices, and secure injection into CI/CD via GitHub Actions or CodeBuild. Developers retrieve secrets at runtime instead of baking them into images or config files, while ops teams enforce rotation schedules and monitor access through a single control plane.