1

I'm exploring AWS Secrets Manager for an upcoming project. I got a bit confused around the concept of rotating secrets. It seems I can only keep the secret for a specific duration and after that it will rotate. What happens once it gets rotated? Does the secret's value get changed? For example, let's say I keep my Mailgun access API in AWS Secrets Manager, which is AB334Tfdxxss99. If AWS Secrets Manager changes it to something else, how can I send emails afterwards?

Tim
user3360140

1 Answer

2

Rotation is an optional feature only. Secrets Manager will never rotate your secrets unless you configure it to - as per docs here.

From memory, this is mostly used with RDS, which due to an integration can rotate the database password and secret at the same time. As Ceejay points out below, custom rotation based on a Lambda function is also an option.

Tim
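How an application keeps working when rotation is enabled, as an added example that is not part of the original posts: the code reads the secret from Secrets Manager at use time instead of hard-coding it, and re-reads it once if the service rejects a cached key. `RotatingSecret`, `call_with_secret`, `AuthRejected` and the fake client are hypothetical names; `client` is assumed to be a boto3 Secrets Manager client.

```python
import time


class AuthRejected(Exception):
    """Raised by the caller's send function when the API rejects the key."""


class RotatingSecret:
    """Caches one secret and re-reads it when the cache expires or on demand."""

    def __init__(self, client, secret_id, ttl_seconds=300, clock=time.monotonic):
        self._client = client        # assumed: boto3.client("secretsmanager")
        self._secret_id = secret_id  # secret name or ARN
        self._ttl = ttl_seconds
        self._clock = clock
        self._value = None
        self._fetched_at = None

    def get(self, force_refresh=False):
        expired = (self._fetched_at is None
                   or self._clock() - self._fetched_at >= self._ttl)
        if force_refresh or expired:
            # Without a version argument this returns the current version,
            # which is the one rotation has just made active.
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            self._value = resp["SecretString"]
            self._fetched_at = self._clock()
        return self._value


def call_with_secret(secret, send):
    """Run send(key); if the key is rejected, refetch once and retry."""
    try:
        return send(secret.get())
    except AuthRejected:
        # The cached key may predate a rotation, so read the current value.
        return send(secret.get(force_refresh=True))


class FakeSecretsManager:
    """Constructed stand-in for the AWS client so the example runs offline."""

    def __init__(self, value):
        self.value = value
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return {"SecretString": self.value}
```

For a third-party key such as the one in the question, the rotation itself would be the custom Lambda function the answer mentions, which has to change the key at the provider as well as in the stored secret.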