Reputation: 545
Secrets as password format in AWS
We are saving Secrets, keys in AWS secrets Manager and These can be retrieved later in programming. We can also define IAM policies who can access these values. We are able to see Keys and values combinations. For example I can save "AppPass=@123tx56tX". Admin user can see "AppPass" actual value, Is there any way it can be stored like secret "AppPass=**********" or any other AWS services, or any workaround. Just don`t want everyone (Who has access) to see the password values from Console.
Upvotes: 0
Views: 400
Answers (2)
Reputation: 578
No, you cannot
secret manager store a document (as text), but its not responsible of the format (could be XML, JSON, or anything)
If you want to show what's the format of the secret without show the value, maybe do it in description. But most of the time, the developer that'll use the secret have to know it (or at least a mock with a similar structure)
So either you can read the secret or you cannot, but you cannot access only a part of it
Upvotes: 1
Reputation: 1124
If you want encryption different from AWS provides (KMS), you will need to use a custom encryption code.
Upvotes: 0
Related Questions
- Parsing secrets from AWS secrets manager using AWS cli
- How do you set key/value secret in AWS secrets manager using Ansible?
- How to store password in AWS Parameter Store
- Get secrets from AWS Secret manager without passing access key and secret key from config
- aws - secrets manager - how to secure secrets when I want to access from ec2?
- Best way to get a rotating Secrets Manager secret to Parameter Store
- Reference Secrets Manager Parameters to Secret String
- Securely upload secrets to Secret Manager/Parameter Store
- Create AWS SecretsManager using AWS CLI for Other type (plaintext)
- How to use AWS ECS to get Database secrets from Parameter Store