Document history for AWS Secrets Manager

The following table describes major documentation updates for AWS Secrets Manager.

  • API version: 2017-10-17

Change Description Date

Kubernetes CSI plugin for managing secrets

Added instructions for implementing the Kubernetes plugin for secrets management.

April 22, 2021

Multi-Region secrets support

Added support for replicating secrets across AWS Regions to support cross-Region applications.

February 25, 2021

Added three additional AWS Config Rules for Secrets Manager.

Three new rules to check for unused secrets, rotated secrets, and secrets with CMKs.

February 25, 2021

Added information about Security Hub controls for Secrets Manager and security best practices.

Security Hub provides security controls to check for automatic rotation of secrets and successful rotation of secrets.

September 18, 2020

Updated CloudFormation examples to use the Secrets Manager Transform.

When creating a Secrets Manager secret and database with rotation using the CloudFormation template, you have the option of using Transform: AWS::SecretsManager-2020-07-23, which allows you to create a hosted Lambda function.

July 23, 2020

Enhanced search capabilities for secrets.

You can search for secrets using name, description, tag key, and tag value. Secrets Manager allows multiple filters for finding secrets.

July 9, 2020

Added the ability to attach resource-based policies to secrets using the Secrets Manager console.

You can add, modify, and delete resource-based policies using the console. Also, Secrets Manager validates the policies.

July 9, 2020

Changed the Rotate Secret tutorial to include a link to Amazon RDS.

To keep the tutorial steps up to date in the guide, a link to the Amazon RDS documentation replaced the steps to set up a test database.

May 12, 2020

Added FedRAMP compliance for Secrets Manager.

Added FedRAMP logo and information on compliance with Secrets Manager.

May 12, 2020

Added AWS Config with Secrets Manager and added more information on CloudFormation.

Added documentation for using AWS Config with Secrets Manager.

April 16, 2020

Replaced CloudFormation templates with shorter and easier to use templates.

Templates now use only 60 lines of code to create CloudFormation configurations.

November 20, 2019

Added documentation for endpoint policies

You can now use an endpoint policy to control secrets-related activity on your Secrets Manager VPC endpoint. Added section for creating an endpoint policy for Secrets Manager VPC endpoint. Also created a distinct reference article for all VPC endpoint content.

July 25, 2019

Added Python, Go, and .NET caching clients

Added links to GitHub, where you can acquire the caching clients for Python, Go, and .NET.

May 9, 2019

Added secret types for Amazon Redshift and Amazon DocumentDB

Added Amazon Redshift and Amazon DocumentDB databases to the secret types.

March 7, 2019

Updated supported databases

Added the full list of supported databases on Amazon RDS for rotational support, including Microsoft SQL Server, Oracle and more.

December 2, 2018

Compliance with PCI and ISO

Included the PCI and ISO standards in the compliance standards section.

December 1, 2018

Use existing Lambda rotation functions with your secrets

When you enable rotation for a secret in the Secrets Manager console, you can now choose an existing Lambda function in addition to being able to create new functions.

November 15, 2018

Tag your secrets using the Secrets Manager console

You can now include tags when you create and modify your secrets using the Secrets Manager console.

November 15, 2018

Create secrets programmatically with CloudFormation

You can now create secrets by defining them in a CloudFormation template. If the secret is associated with one of the fully supported databases, then you can also generate the credentials dynamically during the processing of the template, configure the database to use those credentials, and store them in a secret that is configured to automatically rotate.

November 12, 2018

Delete a secret without a recovery window

You can now delete secrets without specifying a recovery window. This enables you to 'clean up' unneeded secrets without having to wait a minimum of seven days.

August 9, 2018

Private VPC service endpoints

You can now configure private service endpoints for Secrets Manager within your VPCs. This enables you to call Secrets Manager API operations from within a VPC without requiring connection to the public internet.

July 11, 2018

Resource-based policies

You can now attach IAM permission policies directly to a secret to determine who can access that secret. This also enables cross-account access because you can specify other AWS accounts in the Principal element of a resource-based policy.

June 26, 2018

Compliance with HIPAA

Secrets Manager is now available as a HIPAA-eligible service.

June 4, 2018

Initial release of service

Documentation provided for the initial release of AWS Secrets Manager.

April 4, 2018