Amazon Web Services announced a new service today that could solve one of the biggest security headaches facing users of the cloud platform. The AWS Secrets Manager will allow developers to programmatically insert the credentials their applications need without writing them into the source code itself or setting them as environment variables.
Leaked credentials written into source code have been one of the biggest security risks for customers of the cloud platform. The Secrets Manager will let customers replace that risk with a small function that retrieves the correct credentials at run time, whether for database access or for connections to other services.
While AWS Secrets Manager works with credentials for databases managed by the cloud provider’s Relational Database Service, it also works with third-party API keys, like those provided by Twitter and other companies. The service also handles automatic rotation of those security credentials.
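The pattern the article describes, as an added example that is not from the article or from AWS's own code: a hard-coded credential next to a helper that fetches the secret at run time and so picks up rotated values without a redeploy. The secret name `prod/db`, the `FakeSecretsClient` stand-in and the constructed sample values are assumptions for an offline demonstration; the JSON field names follow the layout AWS uses for RDS-managed secrets, and `boto3.client("secretsmanager").get_secret_value(SecretId=...)` is the real SDK call the production path would make.

```python
"""Added example: hard-coded credential vs. fetching it from Secrets Manager."""
import json
from dataclasses import dataclass

# --- BEFORE: the pattern the article warns about ---------------------------
# A credential embedded in source (or exported as an environment variable)
# ends up in version control, CI logs and container images.
DB_PASSWORD_HARDCODED = "hunter2"  # constructed sample; the anti-pattern


# --- AFTER: resolve the credential at run time -----------------------------
@dataclass(frozen=True)
class DbCredentials:
    username: str
    password: str
    host: str
    port: int
    dbname: str


def fetch_db_credentials(client, secret_id: str) -> DbCredentials:
    """Pull credentials at run time instead of shipping them in code.

    `client` is anything exposing get_secret_value(SecretId=...): a boto3
    secretsmanager client in production, a stub in tests. The field names
    match the JSON layout of RDS-managed secrets; for third-party API keys
    the layout is whatever you stored, so treat them as an assumption."""
    resp = client.get_secret_value(SecretId=secret_id)
    if "SecretString" not in resp:
        raise ValueError("binary secrets are not handled by this helper")
    data = json.loads(resp["SecretString"])
    missing = {"username", "password", "host", "port", "dbname"} - set(data)
    if missing:
        raise ValueError(f"secret {secret_id} lacks fields: {sorted(missing)}")
    return DbCredentials(
        username=data["username"],
        password=data["password"],
        host=data["host"],
        port=int(data["port"]),
        dbname=data["dbname"],
    )


def build_dsn(creds: DbCredentials) -> str:
    """Assemble a connection string from freshly fetched credentials.
    Fetching on every (re)connect means a rotated password is picked up
    without redeploying the application; never log the returned value."""
    return (f"postgresql://{creds.username}:{creds.password}"
            f"@{creds.host}:{creds.port}/{creds.dbname}")


class FakeSecretsClient:
    """Offline stand-in for the boto3 client, backed by a constructed dict."""

    def __init__(self, store):
        self._store = store

    def get_secret_value(self, SecretId):
        return {"SecretString": json.dumps(self._store[SecretId])}


def production_client():
    """Real client; only usable where boto3 and AWS credentials exist."""
    import boto3  # assumed to be installed in the deployed environment
    return boto3.client("secretsmanager")


# Constructed sample secret, shaped like an RDS-managed secret.
SAMPLE_STORE = {
    "prod/db": {"username": "app", "password": "p1",
                "host": "db.example.internal", "port": "5432",
                "dbname": "orders"},
}


def demo():
    """Fetch once, simulate a rotation, fetch again; returns both DSNs."""
    client = FakeSecretsClient(SAMPLE_STORE)
    before = build_dsn(fetch_db_credentials(client, "prod/db"))
    SAMPLE_STORE["prod/db"]["password"] = "p2"  # rotation happened server-side
    after = build_dsn(fetch_db_credentials(client, "prod/db"))
    return before, after


if __name__ == "__main__":
    first, second = demo()
    print("credential changed after rotation:", first != second)
```

In production, replace `FakeSecretsClient` with `production_client()` and give the task role only `secretsmanager:GetSecretValue` on the specific secret ARN; if you cache the fetched value, keep the cache lifetime shorter than the rotation interval so a rotated password does not leave the application with stale credentials.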
(To be clear, this isn’t an AWS-only problem: users of other cloud platforms have similar issues with managing credentials for their applications.)
It’s part of the cloud platform’s ongoing push to offer the services companies need to protect themselves and their applications from a growing variety of threats.
In addition to the Secrets Manager, AWS also announced a new Firewall Manager that lets companies centrally control settings for the AWS Web Application Firewall across multiple accounts. Along similar lines, an update to the AWS Config Rules service will allow customers to manage different compliance rules for their configurations across multiple accounts.
Finally, the cloud provider announced a Private Certificate Authority feature for its security certificate management service. That allows companies that want to control the authority generating their security certificates to do so through AWS, rather than having to deploy the infrastructure themselves.
Update 3 p.m. Pacific: This story has been updated to clarify that managing service credentials isn’t an AWS-only issue, and that AWS Secrets Manager works with external credentials as well.