Using Secrets Manager as a Password Vault

Question

Our Unix/Linux team uses an Open Source password vault to manage our root and other critical passwords.  We're interested in an AWS-based solution.  Requirements in no particular order:
* Accessible by our team only -- another team has the same general CommonSysAdmin role we do, but we don't want to expose our root password to them.
* Quickly available from the web given proper credentials and coming from a company laptop.
* No need for a password to get the password.  Assume we are already fully authenticated opening the Secrets Manager.  
* Transparently encrypt the password using a private key already on the company laptop.

Suggestions for additional requirements welcome!

Brettski-AWS · Answer

You can definitely build something that meets your requirements using Secrets Manager as a back-end. Command-line and web interfaces are definitely possible. But there's no native complete service that AWS offers that will cover your needs all-in-one.

If you don't have the appetite, skills or time to build a solution I'd suggest looking in the [AWS Marketplace](https://aws.amazon.com/marketplace/) for solutions or look at other hosted third-party offerings.

Indranil Banerjee AWS · Answer

You may want to look at Amazon Cognito - https://aws.amazon.com/cognito/

Amazon Cognito User Pools is a feature that may meet your requirements - https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

Using Secrets Manager as a Password Vault

Relevant content