Skip to main content

Secrets Management

Storage

All secrets in AWS Secrets Manager:

Database credentials
API keys
Encryption keys

Access

Applications load secrets at startup
Secrets managed outside Terraform (lifecycle ignore_changes)
No secrets in environment variables in code

Rotation

Manual rotation via AWS Console
Applications restart to pick up new secrets

Storage
Access
Rotation