AWS Secrets Manager

Overview

Secrets Manager centrally stores secrets with KMS encryption, automatic rotation (7-90 days), and version tracking. Benefits: No hardcoded credentials, automatic rotation reduces exposure, IAM policies for fine-grained access, audit logs via CloudTrail. For AI: Store OpenAI/Anthropic keys, manage RDS credentials for training data, rotate database passwords automatically, use Lambda for custom rotation logic. Pricing: $0.40/secret/month + $0.05 per 10K API calls. 30-day free trial per secret. For high-volume access, consider caching secrets in application memory (refresh hourly).

Code Example

import boto3
import json

# Initialize client
client = boto3.client('secretsmanager', region_name='us-east-1')

# Store secret
client.create_secret(
    Name='ai/openai-key',
    SecretString=json.dumps({'api_key': 'sk-proj-...', 'org': 'org-...'})
)

# Retrieve secret
response = client.get_secret_value(SecretId='ai/openai-key')
secret = json.loads(response['SecretString'])
openai_key = secret['api_key']

# Use with OpenAI
from openai import OpenAI
openai_client = OpenAI(api_key=openai_key)

# Automatic rotation for RDS (AWS handles this)
client.rotate_secret(
    SecretId='rds-postgres-creds',
    RotationLambdaARN='arn:aws:lambda:us-east-1:123456789012:function:RotateRDS',
    RotationRules={'AutomaticallyAfterDays': 30}
)

Professional Integration Services by 21medien

21medien offers AWS Secrets Manager setup including secret migration, rotation configuration, IAM policy design, and application integration. Contact us for AWS secrets management consulting.

Resources

AWS Docs: https://docs.aws.amazon.com/secretsmanager | Pricing: https://aws.amazon.com/secrets-manager/pricing