AWS Secrets Manager

AWS Secrets Manager or AWS SSM Parameter Store?

“From the Mailbag” gives us at AWS w/ .NET the opportunity to answer questions from our users. Got a question for us? Ask us here.


Question

The company that I work for is heavily invested in AWS Systems Manager Parameter Store. But I have been reading up on AWS Secrets Manager and I’m confused about what the difference is.

Response

AWS Systems Manager Parameter Store is a cost-effective configuration store, as there isn’t a charge for standard parameters. It supports the storage of common configuration data like a URL, as well as more complex data like a list of strings. Parameter Store also supports more sensitive configuration data like secrets, passwords and tokens.

Securing .NET App Secrets with AWS Secrets Manager

Similar to AWS Systems Manager Parameter Store, AWS Secrets Manager allows for storing, managing, and retrieving OAuth tokens, database credentials, API keys, and other secrets. However, there are big differences between the two AWS services.

AWS Secrets Manager was created for storing confidential data like passwords and secrets, so encryption of the stored data is enabled by default. Parameter Store, on the other hand, was created to store confidential data as well as general configuration data like URIs and UNC network paths, so, understandably, encryption is optional with AWS Systems Manager Parameter Store. Additionally, AWS Secrets Manager features automated key rotation and direct integration with services like RDS, Redshift, and DocumentDB.
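
To make the encryption difference concrete, here is an added example (not code from the original post) that writes a plain and an encrypted parameter to Parameter Store and reads a secret from Secrets Manager. The parameter names, the sample values and the secret ID demo-app/db-credentials are assumptions; the secret is assumed to already exist, and AWS credentials and a region are assumed to be configured in the environment.

```csharp
// Added example. Requires the AWSSDK.SimpleSystemsManagement and
// AWSSDK.SecretsManager NuGet packages. All names and values are constructed.
using System;
using System.Threading.Tasks;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;
using Amazon.SimpleSystemsManagement;
using Amazon.SimpleSystemsManagement.Model;

public static class SecretStoreComparison
{
    // Parameter Store: encryption is opt-in per parameter, chosen through the type.
    public static async Task WriteParametersAsync(IAmazonSimpleSystemsManagement ssm)
    {
        // String: stored and returned as plain text. Fine for a URL, not for a password.
        await ssm.PutParameterAsync(new PutParameterRequest {
            Name = "/demo-app/api-url", Value = "https://api.example.com",
            Type = ParameterType.String, Overwrite = true });
        // SecureString: encrypted with a KMS key (the account default when KeyId is omitted).
        await ssm.PutParameterAsync(new PutParameterRequest {
            Name = "/demo-app/db-password", Value = "constructed-sample-value",
            Type = ParameterType.SecureString, Overwrite = true });
    }

    // Without WithDecryption = true, a SecureString is returned as ciphertext.
    public static async Task<string> ReadParameterAsync(IAmazonSimpleSystemsManagement ssm, string name)
    {
        var resp = await ssm.GetParameterAsync(
            new GetParameterRequest { Name = name, WithDecryption = true });
        return resp.Parameter.Value;
    }

    // Secrets Manager: there is no type to choose, every secret is encrypted at rest.
    public static async Task<string> ReadSecretAsync(IAmazonSecretsManager sm, string secretId)
    {
        var resp = await sm.GetSecretValueAsync(new GetSecretValueRequest { SecretId = secretId });
        return resp.SecretString;
    }

    public static async Task Main()
    {
        using var ssm = new AmazonSimpleSystemsManagementClient();
        using var sm = new AmazonSecretsManagerClient();
        await WriteParametersAsync(ssm);
        Console.WriteLine(await ReadParameterAsync(ssm, "/demo-app/api-url"));
        // Print lengths only, so secret values never reach the console or logs.
        Console.WriteLine((await ReadParameterAsync(ssm, "/demo-app/db-password")).Length);
        Console.WriteLine((await ReadSecretAsync(sm, "demo-app/db-credentials")).Length);
    }
}
```

The calling identity needs ssm:PutParameter, ssm:GetParameter and secretsmanager:GetSecretValue, plus kms:Decrypt on the key that protects the SecureString parameter and the secret.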