Topics Map > Safety and Security
Topics Map > Computing Infrastructure > Amazon Web Services

Cybersecurity, Storing Secrets on Amazon Web Services (AWS)

Security information from Technology Services Privacy and Information Security team. Intended Audience: IT Professionals – Developers, IT Operations, Cloud Engineers

Why use AWS Secrets Manager

Correct use of AWS Secrets Manager helps fulfill an IT professional's responsibility to comply with Illinois Cybersecurity standards.

In particular, use of AWS Secrets Manager can help comply with the IT05 Identity Management Security Standard.

AWS Secrets Manager is recommended for secrets that control programmatic access.

Storing secrets in AWS parameter store is not recommended, because while it is encrypted, it lacks support for automated key rotation.

How to use AWS Secrets Manager

These are links to official Amazon documentation.

Security / Operations Resources

AWS Authentication
AWS IAM Best Practices
Rotating Secrets on AWS
- How often should I rotate the keys? Start with 30-90 days. Feel free to reach out to securitysupport@illinois.edu to get expert guidance relevant to the threat model for your use case.

Relevant Campus Example Code

Keywords:

security, developer, sdlc, cybersecurity, devops, secdevops

Doc ID:

106612

Owned by:

Security S. in University of Illinois Technology Services

Created:

2020-10-13

Updated:

2023-07-26

Sites:

University of Illinois Technology Services

Clean URL:

https://answers.uillinois.edu/illinois/cybersecurity-storing-secrets-on-aws

0 0 Comment Suggest new doc Subscribe to changes