AWS_Secrets-Manager_1

Ensure Secret Encrypted With KMS Customer Master Keys

Description

AWS Secrets Manager is an AWS service that makes it easier to manage secrets such as database credentials, passwords, third-party API keys, and even arbitrary text. By default, Secrets Manager uses a default encryption key that it creates on your behalf. When you instead use your own Amazon KMS Customer Master Key (CMK) to protect the secret data managed by Secrets Manager, you get full control over who can use the encryption key to access your secrets. Amazon Key Management Service (KMS) allows you to create, rotate, disable and audit the Customer Master Keys created for your Secrets Manager secrets.
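
The check this rule describes, as an added Python example that is not part of the original page or the vendor's own tooling: it flags secrets that are not encrypted with a customer managed key. It assumes that ListSecrets omits KmsKeyId for the default key and that kms:DescribeKey reports KeyManager as "AWS" or "CUSTOMER"; the function names and the sample data are constructed for illustration.

```python
DEFAULT_ALIAS = "alias/aws/secretsmanager"  # AWS managed default key


def uses_customer_key(secret, key_manager_of):
    """True if a ListSecrets entry uses a customer managed key.
    key_manager_of(key) returns kms:DescribeKey's KeyMetadata.KeyManager."""
    key_id = secret.get("KmsKeyId")
    # KmsKeyId is omitted when the default aws/secretsmanager key is in use.
    if not key_id or key_id.endswith(DEFAULT_ALIAS):
        return False
    # A key ARN can still point at an AWS managed key, so resolve it.
    return key_manager_of(key_id) == "CUSTOMER"


def find_noncompliant(secrets, key_manager_of):
    """Names of secrets that fail the check, in input order."""
    return [s["Name"] for s in secrets if not uses_customer_key(s, key_manager_of)]


def audit_account(region):
    """Live variant; needs boto3, secretsmanager:ListSecrets, kms:DescribeKey."""
    import boto3
    sm = boto3.client("secretsmanager", region_name=region)
    kms = boto3.client("kms", region_name=region)
    cache = {}

    def key_manager_of(key_id):
        if key_id not in cache:
            meta = kms.describe_key(KeyId=key_id)["KeyMetadata"]
            cache[key_id] = meta["KeyManager"]
        return cache[key_id]

    pages = sm.get_paginator("list_secrets").paginate()
    secrets = [s for page in pages for s in page["SecretList"]]
    return find_noncompliant(secrets, key_manager_of)


# Constructed sample data, not real account output.
KEY_A = "arn:aws:kms:us-east-1:111122223333:key/11111111-1111-1111-1111-111111111111"
KEY_B = "arn:aws:kms:us-east-1:111122223333:key/22222222-2222-2222-2222-222222222222"
SAMPLE_SECRETS = [
    {"Name": "prod/db", "KmsKeyId": KEY_A},
    {"Name": "legacy/api-token"},  # field omitted: default key
    {"Name": "ci/deploy", "KmsKeyId": "alias/aws/secretsmanager"},
    {"Name": "ops/webhook", "KmsKeyId": KEY_B},  # ARN of an AWS managed key
]
SAMPLE_KEY_MANAGERS = {KEY_A: "CUSTOMER", KEY_B: "AWS"}

if __name__ == "__main__":
    print(find_noncompliant(SAMPLE_SECRETS, SAMPLE_KEY_MANAGERS.get))
```

Resolving each key through DescribeKey matters because a secret can carry an explicit key ARN that still belongs to an AWS managed key, which a check on the KmsKeyId field alone would pass.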

Remediation

  1. Sign in to the AWS Management Console.
  2. Navigate to the KMS dashboard at https://console.aws.amazon.com/kms/.
  3. In the left navigation panel click

Service

Secrets Manager

Severity

High

Compliance

Mapping
