Editing an encryption key - AWS Secrets Manager

When you change the encryption key associated with your replica secret, all future secret versions use the new key. Be sure your applications have kms:Decrypt permissions on the new key.

To edit the replica secret encryption key, use the following steps:

  1. Log in to the Secrets Manager console at https://console.aws.amazon.com/secretsmanager/.

  2. Choose the primary secret whose replica secret encryption key you want to edit.

  3. In the Replication Configuration section, choose the replica secret.

  4. From the Actions menu, choose Edit encryption key.

  5. Choose to edit the existing encryption key or add a new key.

  6. Type the name of the AWS Region into the AWS Region field.

    By typing in the name of the AWS Region, you confirm changing the encryption key.

  7. Choose Re-encrypt Secret.
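
The kms:Decrypt requirement stated at the top of this page can be checked before you re-encrypt. The following is an added example, not AWS code: a simplified Python check of one application identity policy against the new key's ARN. The account ID, Region, key IDs and policy are constructed sample values.

```python
import re

# Constructed sample values (assumptions, not from the page): account, Region, key IDs.
OLD_KEY = "arn:aws:kms:us-west-2:111122223333:key/old-key-id-example"
NEW_KEY = "arn:aws:kms:us-west-2:111122223333:key/new-key-id-example"
APP_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "*"},
    {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": OLD_KEY},
]}

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _hits(stmt, field, value, ignore_case=False):
    """Evaluate Action/Resource, or the inverted NotAction/NotResource form."""
    for name, invert in ((field, False), ("Not" + field, True)):
        if name in stmt:
            pats = stmt[name] if isinstance(stmt[name], list) else [stmt[name]]
            return any(_matches(p, value, ignore_case) for p in pats) != invert
    return False

def decrypt_access(policy, key_arn):
    """Classify kms:Decrypt on key_arn as allowed / denied / conditional / not-granted.

    Simplified check of ONE identity-based policy: Condition blocks are reported as
    'conditional' rather than evaluated, and the key policy, SCPs and permission
    boundaries (which must also permit the call) are out of scope.
    """
    stmts = policy.get("Statement", [])
    stmts = stmts if isinstance(stmts, list) else [stmts]
    seen = set()
    for s in stmts:
        # Action names are case-insensitive in IAM; resource ARNs are matched as written.
        if _hits(s, "Action", "kms:Decrypt", True) and _hits(s, "Resource", key_arn):
            seen.add((s["Effect"], "Condition" in s))
    if ("Deny", False) in seen:
        return "denied"                      # explicit deny always wins
    if ("Deny", True) in seen:
        return "conditional"
    if ("Allow", False) in seen:
        return "allowed"
    return "conditional" if ("Allow", True) in seen else "not-granted"

if __name__ == "__main__":
    for arn in (OLD_KEY, NEW_KEY):
        print(arn, "->", decrypt_access(APP_POLICY, arn))
```

A result of not-granted for the new key means the application would fail to read secret versions created after the key change until its policy is updated.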