AWS Secrets Manager
User Guide

Document History for AWS Secrets Manager

The following table describes major documentation updates for AWS Secrets Manager.

  • API version: 2017-10-17

Change Description Date

Added documentation for endpoint policies

You can now use an endpoint policy to control secrets-related activity on your Secrets Manager VPC endpoint. Added a section on creating an endpoint policy for a Secrets Manager VPC endpoint. Also created a distinct reference article for all VPC endpoint content.

July 25, 2019

Added Python, Go, and .NET caching clients

Added links to GitHub, where you can acquire the caching clients for Python, Go, and .NET.

May 9, 2019

Added secret types for Redshift and DocumentDB

Added Redshift and DocumentDB databases to the secret types.

March 7, 2019

Updated supported databases

Added the full list of supported databases on Amazon RDS for rotational support, including Microsoft SQL Server, Oracle and more.

December 2, 2018

Compliance with PCI and ISO

Included the PCI and ISO standards in the compliance standards section.

December 1, 2018

Use existing Lambda rotation functions with your secrets

When you enable rotation for a secret in the Secrets Manager console, you can now choose an existing Lambda function in addition to being able to create new functions.

November 15, 2018

Tag your secrets using the Secrets Manager console

You can now include tags when you create and modify your secrets using the Secrets Manager console.

November 15, 2018

Create secrets programmatically with CloudFormation

You can now create a secret by defining it in a CloudFormation template. If the secret is associated with one of the fully supported databases, you can also generate the credentials dynamically while the template is processed, configure the database to use those credentials, and store them in a secret that is configured to rotate automatically.

November 12, 2018

Delete a secret without a recovery window

You can now delete secrets without specifying a recovery window. This enables you to 'clean up' unneeded secrets without having to wait a minimum of seven days.

August 9, 2018

Private VPC service endpoints

You can now configure private service endpoints for Secrets Manager within your VPCs. This enables you to call Secrets Manager API operations from within a VPC without requiring connection to the public internet.

July 11, 2018

Resource-based policies

You can now attach IAM permission policies directly to a secret to determine who can access that secret. This also enables cross-account access because you can specify other AWS accounts in the Principal element of a resource-based policy.

June 26, 2018

Compliance with HIPAA

Secrets Manager is now available as a HIPAA-eligible service.

June 4, 2018

Initial release of service

Documentation is provided for the initial release of AWS Secrets Manager.

April 4, 2018