Enabling rotation in AWS Secrets Manager causes the secret to rotate immediately
Carlo-TutorialsDojo updated 1 year, 7 months ago 2 Members · 4 Posts -
This is marked as an answer regarding rds and secrets manager rotation. I don’t think this is correct, as it’s an optional check: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html#rotate-secrets_turn-on-for-db_step2
-
Hello apser,
Thanks for the feedback.
Could you post a snippet of the question so we can check it?
Regards,
Carlo @ Tutorials Dojo
-
A Security Engineer refactored an application to remove the hardcoded Amazon RDS database credential from the application and store it to AWS Secrets Manager instead. The application works fine after the code change. For improved data security, the Engineer enabled rotation of the credential in Secrets Manager and then set the rotation to change every 30 days. The change was done successfully without any issues but after a short while, the application is getting an authentication error whenever it connects to the database.
What is the MOST likely cause of this issue?
- IAM DB Authentication was accidentally turned off.
- The Security Engineer doesn’t have the required AWS CloudHSM permissions. The AWS Secrets Manager encrypts the protected text of a secret by using AWS CloudHSM.
- Enabling rotation in AWS Secrets Manager causes the secret to rotate immediately.
- The Security Engineer doesn’t have a SecretsManagerReadWrite permission.
-
Hello apser,
Thank you for responding.
The Rotate Immediately feature is optional, but it is enabled by default when you enable automatic rotation. If you don’t tick it off upon the secret creation, Secrets Manager rotates your secret immediately. The next rotation will begin on your schedule.
Let me know if this helps.
Regards,
Carlo @ Tutorials Dojo
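An added example, not part of the thread or of AWS's code: an application-side credential cache that re-reads the secret once when a login is rejected, so a rotation that runs as soon as rotation is enabled does not leave the app holding the old password. It assumes the application had cached the credential; `RotatingDbCredentials`, `AuthError`, `FakeSecretsManager`, the secret name and the passwords are constructed for illustration, and only the `get_secret_value(SecretId=...)` call shape and its `SecretString` field follow boto3.

```python
import json

class AuthError(Exception):
    """Raised by the (hypothetical) connect function when the database rejects the login."""

class RotatingDbCredentials:
    """Caches a Secrets Manager secret and re-reads it once when a login is rejected."""

    def __init__(self, client, secret_id):
        self.client = client          # anything exposing boto3's get_secret_value(SecretId=...)
        self.secret_id = secret_id
        self._cached = None

    def _fetch(self):
        resp = self.client.get_secret_value(SecretId=self.secret_id)
        self._cached = json.loads(resp["SecretString"])
        return self._cached

    def connect(self, connect_fn):
        creds = self._cached or self._fetch()
        try:
            return connect_fn(creds["username"], creds["password"])
        except AuthError:
            # The cached password may predate a rotation: refresh once, then retry.
            creds = self._fetch()
            return connect_fn(creds["username"], creds["password"])

# --- Constructed stand-ins so the example runs offline (not AWS or RDS code) ---
class FakeSecretsManager:
    def __init__(self, password):
        self.password, self.reads = password, 0

    def get_secret_value(self, SecretId):
        self.reads += 1
        return {"SecretString": json.dumps({"username": "app", "password": self.password})}

def simulate_rotation_after_enable():
    sm = FakeSecretsManager("old-pw")
    db = {"password": "old-pw"}

    def connect_fn(user, pw):
        if pw != db["password"]:
            raise AuthError("access denied")
        return f"connected as {user}"

    creds = RotatingDbCredentials(sm, "prod/app/db")   # constructed secret name
    first = creds.connect(connect_fn)
    # Rotation enabled with immediate rotation left on: secret and database change together.
    sm.password = db["password"] = "new-pw"
    second = creds.connect(connect_fn)
    return first, second, sm.reads
```
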