Reputation: 59
I've been trying to find information about rotating secrets with AWS Secrets Manager and ECS with Fargate, and I've learned that you can use it to avoid putting sensitive data on your images, but I can't find anything about being able to rotate secrets. I'm starting to wonder if it's even possible.
Upvotes: 1
Views: 2261
Reputation: 1623
You can use Secrets Manager with Fargate by embedding the secret in the task definition, and you can enable rotation of secrets in the Secrets Manager console.
The problem is if you enable rotation, you have to ensure your container picks up the new secret. This means the old secret has to be valid for the life of the container, or the container needs to refresh the secret. A previous answer discusses the strategies for dealing with rotation in applications. The short answer is if this is a DB accessed in a Java application, you might look at the Secrets Manager provided JDBC driver wrapper.
Upvotes: 3
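The "container needs to refresh the secret" strategy from the answer above, as an added example that is not part of the original post: the application reads the secret at runtime instead of relying on the value injected at task start (ECS resolves that once, when the container starts), caches it, and re-fetches when the cache expires or the credentials are rejected. `RefreshingSecret`, `AuthError`, the `demo/db` secret name and the fake fetch/database functions are hypothetical; the real fetch assumes a JSON secret and a task role allowed to call `secretsmanager:GetSecretValue`.

```python
import json
import time

def fetch_from_secrets_manager(secret_id):
    """Read the current version of the secret using the task role's credentials."""
    import boto3  # imported lazily so the demo below runs without AWS access
    resp = boto3.client("secretsmanager").get_secret_value(SecretId=secret_id)
    return json.loads(resp["SecretString"])

class AuthError(Exception):
    """Raised by the caller's connect function when credentials are rejected."""

class RefreshingSecret:
    def __init__(self, secret_id, fetch=fetch_from_secrets_manager,
                 ttl=300, clock=time.monotonic):
        self.secret_id, self.fetch, self.ttl, self.clock = secret_id, fetch, ttl, clock
        self._value, self._fetched_at = None, None

    def get(self, force=False):
        now = self.clock()
        stale = self._fetched_at is None or now - self._fetched_at >= self.ttl
        if force or stale:
            self._value, self._fetched_at = self.fetch(self.secret_id), now
        return self._value

    def connect(self, connect_fn):
        """Try cached credentials; on rejection re-fetch once and retry."""
        try:
            return connect_fn(self.get())
        except AuthError:
            return connect_fn(self.get(force=True))

def demo():
    # Constructed stand-ins for Secrets Manager and a database; no AWS calls.
    store = {"password": "old-pw"}
    fetches = []
    def fake_fetch(secret_id):
        fetches.append(secret_id)
        return dict(store)
    def fake_db(creds):
        if creds["password"] != store["password"]:
            raise AuthError("password rejected")
        return "connected with " + creds["password"]
    secret = RefreshingSecret("demo/db", fetch=fake_fetch, ttl=300, clock=lambda: 0)
    first = secret.connect(fake_db)
    store["password"] = "new-pw"      # rotation happens while the task is running
    second = secret.connect(fake_db)  # cached value rejected -> refresh -> retry
    return first, second, len(fetches)
```

A second rejection after the forced refresh propagates to the caller, so a genuinely wrong secret fails loudly rather than looping.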