Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Does the AWS Secrets Manager console support hiding secret values when accessed by administrators or users with appropriate permissions?

0

I have created a Secret in AWS Secrets Manager and added multiple Secrets.

In the console when I click on Retrieve and view the secret value in AWS Secrets Manager. It opens as plain text.

I need to mask that with value (e.g., ***********) in the console, even for users with the necessary permissions to view the secret.

If it is possible kindly help me with this.

Themen
Sicherheit, Identität & KonformitätAWS Framework mit guter Struktur
Tags
AWS Identity and Access ManagementAWS GeheimnismanagerSicherheit
Sprache
English
Srikanth
gefragt vor einem Monat235 Aufrufe
1 Antwort
0

There are several ways you could achieve this.

You could use a customer managed KMS Key and only allow decrypt for the roles/users that require the secrect. EG, if you have a lambda function, allow that execution role decrypt on the KMS Key thats used to encrypt the secret but you could allow encrypt for administrators. To do this you would also have to restrict ROOT also on the KMS key with removing decrypt also. If not, IAM Administrators will still have decrypt.

You could place a IAM Policy on the adminsitrator group with a DENY for GetSecretValue on particular resources.

You could have an SCP in place on the Account/OU If in an org to prevent decrypt or get secret value on the Secrets in question

profile picture
EXPERTE
Gary Mclean
beantwortet vor einem Monat
profile pictureAWS
EXPERTE
AWS-User-alantam
überprüft vor einem Monat

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt