Using a single Secrets Manager secret for multiple schema creds with password rotation

0

Hi all, Disclaimer: New to AWS DevOps :) So I've a situation where we need to store all database schemas (Oracle database) in Secrets Manager, to meet security compliance guidelines.

  • To limit my costs, I was thinking to put all application schema credentials, belonging to a single RDS instance, under 1 Secrets Manager resource.
  • So there will be a one-to-many relation between the secrets-mgr resource & database schema creds, respectively.
  • However, I also want to ensure **each application has access to only their own schema creds, and not other schema creds in that particular secrets-mgr resource**.

Question: Can I provide **access to a specific secret-key:secret-value, inside a secret, to app users**? Is this possible? Going through the docs, I don't see that being possible.

Hope my question is clear, thanks in advance, J K

JK
asked 2 years ago, 542 views
1 Answer
0

Hi,

I understand that you have one Secret that holds multiple different values and you would like to know if it is possible to control access to only allow users to retrieve specific key/value pairs.

Unfortunately this would not be possible as you can only restrict the action "GetSecretValue" to a specific secret and not a key/value pair. I am attaching the following documentation that goes over this here (1). In order to restrict access to specific secret values you would need to store them in separate secrets. You can then use IAM permissions as well as resource-based policies to restrict access; I am linking the documentation for that here (2).

I hope you have a great rest of your day!

References

(1) https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html

(2) https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html

AWS
SUPPORT ENGINEER
answered 2 years ago
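Taking the answer's advice (one secret per schema, scoped by IAM) one step further, here is an added example of an identity-based IAM policy attached to a single application's role; it is not from the original thread or from AWS, and the region, account ID, and secret name `prod/oracle/app-a-schema` are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadOwnSchemaSecretOnly",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:prod/oracle/app-a-schema-*"
    }
  ]
}
```

The trailing `-*` matches the random suffix Secrets Manager appends to every secret ARN, and because IAM denies everything not explicitly allowed, a second application with its own policy for `prod/oracle/app-b-schema-*` cannot read this secret; rotation then also runs per schema, so rotating one schema's password never touches another application's credentials.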
