AWS · How-To · Beginner · 4 min read

How to Use AWS Secrets Manager: Simple Guide

Use AWS Secrets Manager to securely store sensitive data like passwords or API keys. You create a secret, then retrieve it in your application using the AWS SDK or CLI to keep secrets safe and separate from code.

Syntax

To use AWS Secrets Manager, you typically perform these steps:

  • CreateSecret: Store your secret securely.
  • GetSecretValue: Retrieve the secret when needed.
  • UpdateSecret: Change the secret securely.
  • DeleteSecret: Remove the secret when no longer needed.

These actions can be done via AWS CLI, SDKs, or Console.

```bash
# Store a JSON document as the secret value
aws secretsmanager create-secret --name MySecret --secret-string '{"username":"admin","password":"mypassword"}'

# Read it back; the value is returned in the SecretString field
aws secretsmanager get-secret-value --secret-id MySecret
```

Example

This example shows how to create and retrieve a secret using AWS CLI and Python SDK.

```bash
# Create a secret using AWS CLI
aws secretsmanager create-secret --name MyAppSecret --secret-string '{"apiKey":"12345"}'
```

```python
# Python code to retrieve the secret
import boto3
import json

client = boto3.client('secretsmanager')

response = client.get_secret_value(SecretId='MyAppSecret')
secret = json.loads(response['SecretString'])
print(f"API Key: {secret['apiKey']}")
```

Output:

```
API Key: 12345
```

Common Pitfalls

Common mistakes when using Secrets Manager include:

  • Hardcoding secrets in code instead of retrieving them dynamically.
  • Not setting proper IAM permissions to allow access to secrets.
  • Forgetting to rotate secrets regularly for security.
  • Using plaintext secrets instead of JSON strings for structured data.

Always use IAM roles and policies to control access and avoid exposing secrets in logs or error messages.

```python
## Wrong way: Hardcoding secret
api_key = "12345"  # Avoid this

## Right way: Retrieve secret dynamically
import boto3
import json

client = boto3.client('secretsmanager')
secret = client.get_secret_value(SecretId='MyAppSecret')['SecretString']
api_key = json.loads(secret)['apiKey']  # the stored value is a JSON document
```
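The retrieval step from the example and the pitfalls above (JSON vs. plain-text values, not leaking values into logs or error messages) combined into one reusable helper. This is an added example, not code from the original page or from AWS; `load_secret`, `SecretAccessError` and the offline `FakeSecretsManager` stand-in are assumed names, and the `boto3` client is only created when no client is injected.

```python
import json
import logging

log = logging.getLogger("secrets")


class SecretAccessError(RuntimeError):
    """Carries the AWS error code and secret name only, never a secret value."""


def load_secret(secret_id, client=None, version_stage="AWSCURRENT"):
    """Return a secret as a dict (JSON document), str (plain text) or bytes (binary).

    `client` is any object with a boto3-compatible get_secret_value(); when omitted
    a real boto3 Secrets Manager client is created (needs AWS credentials).
    """
    if client is None:
        import boto3  # deferred so the module imports without boto3 installed
        client = boto3.client("secretsmanager")
    try:
        resp = client.get_secret_value(SecretId=secret_id, VersionStage=version_stage)
    except Exception as exc:
        # botocore ClientError exposes exc.response["Error"]["Code"]; log the code
        # and the secret *name* only, so a failure never writes a value to logs.
        code = getattr(exc, "response", {}).get("Error", {}).get("Code", type(exc).__name__)
        log.warning("could not read secret %s: %s", secret_id, code)
        raise SecretAccessError(f"{secret_id}: {code}") from exc
    if "SecretString" not in resp:
        return resp["SecretBinary"]  # boto3 hands binary secrets back as bytes
    raw = resp["SecretString"]
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        parsed = None
    # Only a JSON object counts as structured; a plain password such as "12345"
    # is valid JSON too but must stay a string, not become the int 12345.
    return parsed if isinstance(parsed, dict) else raw


class _FakeClientError(Exception):
    """Mimics the shape of botocore's ClientError (constructed, for offline use)."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}


class FakeSecretsManager:
    """Constructed in-memory stand-in for boto3's secretsmanager client."""
    def __init__(self, store):
        self.store = store  # secret name -> SecretString

    def get_secret_value(self, SecretId, VersionStage="AWSCURRENT"):
        if SecretId not in self.store:
            raise _FakeClientError("ResourceNotFoundException")
        return {"Name": SecretId, "SecretString": self.store[SecretId]}
```

Run against `FakeSecretsManager({"MyAppSecret": '{"apiKey":"12345"}', "DbPassword": "12345"})`, the first name yields a dict and the second stays the string `"12345"`; drop the `client` argument to use real AWS credentials.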

Quick Reference

| Action | Description | Example CLI Command |
|---|---|---|
| Create Secret | Store a new secret securely | `aws secretsmanager create-secret --name MySecret --secret-string '{"key":"value"}'` |
| Retrieve Secret | Get the secret value | `aws secretsmanager get-secret-value --secret-id MySecret` |
| Update Secret | Change the secret value | `aws secretsmanager update-secret --secret-id MySecret --secret-string '{"key":"newvalue"}'` |
| Delete Secret | Remove the secret | `aws secretsmanager delete-secret --secret-id MySecret` |

Key Takeaways

  • Store sensitive data securely using AWS Secrets Manager instead of hardcoding.
  • Retrieve secrets dynamically in your application using AWS SDK or CLI.
  • Use IAM policies to control who can access your secrets.
  • Rotate secrets regularly to maintain security.
  • Avoid exposing secrets in logs or error messages.