Using Secrets Manager as a Password Vault

0

Our Unix/Linux team uses an Open Source password vault to manage our root and other critical passwords. We're interested in an AWS-based solution. Requirements in no particular order:

  • Accessible by our team only -- another team has the same general CommonSysAdmin role we do, but we don't want to expose our root password to them.
  • Quickly available from the web given proper credentials and coming from a company laptop.
  • No need for a password to get the password. Assume we are already fully authenticated opening the Secrets Manager.
  • Transparently encrypt the password using a private key already on the company laptop.

Suggestions for additional requirements welcome!

  • Additional thoughts. The Secrets Manager generally assumes programmatic interfaces. Our use case is more interactive -- or perhaps using an application or script to retrieve the password.

2 Answers
0

You may want to look at Amazon Cognito - https://aws.amazon.com/cognito/

Amazon Cognito User Pools is a feature that may meet your requirements - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

profile picture
EXPERT
answered 2 months ago
0

You can definitely build something that meets your requirements using Secrets Manager as a back-end. Command-line and web interfaces are definitely possible. But there's no native complete service that AWS offers that will cover your needs all-in-one.

If you don't have the appetite, skills or time to build a solution I'd suggest looking in the AWS Marketplace for solutions or look at other hosted third-party offerings.

profile picture
EXPERT
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions