Cybersecurity, Storing Secrets on Amazon Web Services (AWS)

Security information from Technology Services Privacy and Information Security team. Intended Audience: IT Professionals – Developers, IT Operations, Cloud Engineers

Why use AWS Secrets Manager

Correct use of AWS Secrets Manager helps fulfill an IT professional's responsibility to comply with Illinois Cybersecurity standards.

In particular, use of AWS Secrets Manager can help comply with the IT05 Identity Management Security Standard.

AWS Secrets Manager is recommended for secrets that control programmatic access.

Storing secrets in AWS parameter store is not recommended, because while it is encrypted, it lacks support for automated key rotation.

How to use AWS Secrets Manager

These are links to official Amazon documentation.

Security / Operations Resources

Relevant Campus Example Code

Keywords:security, developer, sdlc, cybersecurity, devops, secdevops   Doc ID:106612
Owner:Security S.Group:University of Illinois Technology Services
Created:2020-10-13 10:31 CDTUpdated:2021-10-27 13:37 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0