< ciso
brief />
Tag Banner

All news with #aws secrets manager tag

23 articles · page 2 of 2

Deploying AWS Secrets Manager Agent as an EKS Sidecar

🔒 This post demonstrates deploying the AWS Secrets Manager Agent as a sidecar container in Amazon EKS to provide a language-agnostic local HTTP interface (localhost:2773) for secrets retrieval. The agent pulls and caches secret values, reducing direct API calls to Secrets Manager and improving application availability. It enforces SSRF protection via a generated token at /var/run/awssmatoken and implements ML‑KEM post‑quantum key exchange by default. Authentication uses Amazon EKS Pod Identity and IAM permissions (secretsmanager:GetSecretValue and secretsmanager:DescribeSecret), and the post includes build, containerization, and deployment steps.
read more →

AWS Secrets Manager PrivateLink Support for FIPS Endpoints

🔐 AWS Secrets Manager now supports AWS PrivateLink with all Secrets Manager Federal Information Processing Standard (FIPS) endpoints available in commercial AWS Regions and the AWS GovCloud (US) Regions. With this launch you can establish a private connection between your VPC and Secrets Manager FIPS endpoints instead of connecting over the public internet. This capability helps organizations meet compliance and regulatory requirements that limit public internet connectivity.
read more →

Automating OIDC Client Secret Rotation for ALB on AWS

🔁 This AWS blog demonstrates how to automate OIDC client secret rotation for Application Load Balancer authentication using AWS Secrets Manager, AWS Lambda, and Amazon EventBridge. The solution securely stores IdP credentials (Auth0 in the example), schedules a Lambda handler to fetch and compare tokens, and updates Secrets Manager and ALB listener rules when changes occur. It reduces manual effort, limits plaintext credential exposure, and adds monitoring via CloudWatch alarms.
read more →