AWS Secrets Manager secrets managed by other AWS services

Some AWS services that store AWS Secrets Manager secrets on your behalf restrict you from updating them or deleting them without a recovery period. These secrets are typically named with a service ID prefix that indicates which service created them. For more information, see:

Service ID	More information
`appflow`	How Amazon AppFlow uses AWS Secrets Manager
`databrew`	How AWS Glue DataBrew uses AWS Secrets Manager
`directconnect`	How AWS Direct Connect uses AWS Secrets Manager
`events`	How Amazon EventBridge uses AWS Secrets Manager
`opsworks-cm`	How AWS OpsWorks for Chef Automate uses AWS Secrets Manager
`sqlworkbench`	How Amazon Redshift query editor v2 uses AWS Secrets Manager

To find secrets that are managed by other AWS services

Do one of the following:
- In the Secrets Manager console, in the search box, choose Tag key and then enter aws:secretsmanager:owningService.
- To show the managing service in the list of secrets, choose Preferences ( ), and then in the Preferences dialog box, turn on Managed by.
- In the AWS CLI, enter the following command:
```
aws secretsmanager list-secrets --filter Key="tag-key",Values="aws:secretsmanager:owningService"
```

For other services that integrate with Secrets Manager, see AWS services that use AWS Secrets Manager secrets.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS Transfer Family

Security in Secrets Manager