
  • Enabling rotation in AWS Secrets Manager causes the secret to rotate immediately

  • apser

    Member
    January 29, 2023 at 8:27 pm

    This is marked as an answer regarding RDS and Secrets Manager rotation. I don’t think this is correct, as it’s an optional check: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html#rotate-secrets_turn-on-for-db_step2

  • Carlo-TutorialsDojo

    Administrator
    January 30, 2023 at 11:58 pm

    Hello apser,

    Thanks for the feedback.

    Could you post a snippet of the question so we can check it?

    Regards,

    Carlo @ Tutorials Dojo

    • apser

      Member
      January 31, 2023 at 4:40 am

      A Security Engineer refactored an application to remove the hardcoded Amazon RDS database credential from the application and store it to AWS Secrets Manager instead. The application works fine after the code change. For improved data security, the Engineer enabled rotation of the credential in Secrets Manager and then set the rotation to change every 30 days. The change was done successfully without any issues but after a short while, the application is getting an authentication error whenever it connects to the database.

      What is the MOST likely cause of this issue?

      • IAM DB Authentication was accidentally turned off.
      • The Security Engineer doesn’t have the required AWS CloudHSM permissions. The AWS Secrets Manager encrypts the protected text of a secret by using AWS CloudHSM.
      • Enabling rotation in AWS Secrets Manager causes the secret to rotate immediately.
      • The Security Engineer doesn’t have a SecretsManagerReadWrite permission.
  • Carlo-TutorialsDojo

    Administrator
    February 1, 2023 at 3:18 am

    Hello apser,

    Thank you for responding.

    The Rotate Immediately feature is optional, but it is enabled by default when you enable automatic rotation. If you don’t tick it off upon the secret creation, Secrets Manager rotates your secret immediately. The next rotation will begin on your schedule.

    Let me know if this helps.

    Regards,

    Carlo @ Tutorials Dojo
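
Added example, not part of the thread and not AWS's own code: the boto3 `rotate_secret` call accepts a `RotateImmediately` flag, and the sketch below compares the default with `False` for a credential the application read before rotation was enabled. `FakeSecretsManager`, the secret name `demo/rds`, the placeholder Lambda ARN and the assumption that the application keeps using the password it read earlier are all constructed so the code runs offline; against a real `boto3.client("secretsmanager")` the `enable_rotation` call has the same shape.

```python
import secrets


class FakeSecretsManager:
    """Constructed offline stand-in; models only the behaviour discussed in this thread."""

    def __init__(self, password):
        self.password = password
        self.rotation_enabled = False
        self.rules = None

    def rotate_secret(self, SecretId, RotationLambdaARN, RotationRules,
                      RotateImmediately=True):  # the service rotates at once by default
        self.rotation_enabled = True
        self.rules = RotationRules
        if RotateImmediately:
            # Stands in for the rotation function setting a new database password.
            self.password = secrets.token_urlsafe(16)
        return {"Name": SecretId}

    def get_secret_value(self, SecretId):
        return {"SecretString": self.password}


def enable_rotation(client, secret_id, lambda_arn, days=30, rotate_now=False):
    """Turn on scheduled rotation; unless asked otherwise, defer the first rotation."""
    return client.rotate_secret(
        SecretId=secret_id,
        RotationLambdaARN=lambda_arn,
        RotationRules={"AutomaticallyAfterDays": days},
        RotateImmediately=rotate_now,
    )


def credential_survives_enable(rotate_now):
    """True if a password read before enabling rotation is still the current one."""
    client = FakeSecretsManager(password="initial-constructed-password")
    held_by_app = client.get_secret_value(SecretId="demo/rds")["SecretString"]
    enable_rotation(
        client, "demo/rds",
        "arn:aws:lambda:us-east-1:111122223333:function:placeholder",  # placeholder ARN
        rotate_now=rotate_now,
    )
    return held_by_app == client.get_secret_value(SecretId="demo/rds")["SecretString"]


if __name__ == "__main__":
    print("rotate immediately  :", credential_survives_enable(True))
    print("deferred to schedule:", credential_survives_enable(False))
```
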
