When creating AWS Secrets Manager, it should be automated using tools such as Terraform, Puppet, or Ansible. With Terraform code, you specify the encryption key, secret name, rotation policy, and secret replication. Human error occurs when feeding secret values manually, especially with large amounts of secrets to input. Secrets should never be protected only by IAM. They should be protected by multiple layers, such as IAM and one or two KMS keys. Additional security measures could be beneficial if necessary. The rotation policy is crucial because some secrets may become obsolete, require updates, or get compromised. With a weekly rotation policy, if unauthorized access occurs, the exposure is limited to seven days. The rotation policy can be customized according to needs.
In terms of improvement, I don’t see any that AWS Secrets Manager requires since new features continue to be added regularly. The only concern is its cost, which can be prohibitive for small organizations. For large enterprises without financial constraints, it’s excellent.
An area for improvement in AWS Secrets Manager could be expanding integration options beyond AWS services. Enhancing compatibility with other platforms like Azure and providing more automated options for secret rotation could simplify the overall integration process for users.
DevOps Lead at a manufacturing company with 1,001-5,000 employees
Real User
Oct 6, 2023
There is room for improvement in the pricing model. In future releases, I would like to see a feature. For example, other secret managers don't allow the use of services other than AWS service. So, if we have AWS Secrets Manager allowed to a user outside the AWS environment, it will be an additional feature.
Find out what your peers are saying about Amazon Web Services (AWS), Microsoft, HashiCorp and others in Enterprise Password Managers. Updated: December 2025.
Even though I said that the employee or programmer doesn't need to see the secret, he can view the secret if he intends to. He just has to display the value he fetched from the AWS Secrets Manager. The solution should add one more layer of encoding and decoding so that when the programmer fetches the value from the AWS Secrets Manager, what he receives is only an encoded version. Instead of directly sending it to Google, he sends the authentication information to another AWS service which decodes it and then sends it to Google. If you add one more layer of security to AWS Secrets Manager, even the programmer will not be able to see the secrets.
Associate Technical Architect at a computer software company with 1,001-5,000 employees
Real User
Aug 31, 2021
If you don't have enterprise support, then you will not be able to get through to them to get the help. It is not only applicable to AWS Secrets Manager. It is also applicable to any service on AWS.
Enterprise Password Managers provide robust security solutions for organizations to manage and protect digital identities. Offering advanced features, they ensure seamless access control and enhanced security protocols.These tools help businesses maintain control over password policies while reducing the risk of unauthorized access. With centralized management, IT teams can streamline operations and enforce security measures efficiently. They support integration with existing IT...
When creating AWS Secrets Manager, it should be automated using tools such as Terraform, Puppet, or Ansible. With Terraform code, you specify the encryption key, secret name, rotation policy, and secret replication. Human error occurs when feeding secret values manually, especially with large amounts of secrets to input. Secrets should never be protected only by IAM. They should be protected by multiple layers, such as IAM and one or two KMS keys. Additional security measures could be beneficial if necessary. The rotation policy is crucial because some secrets may become obsolete, require updates, or get compromised. With a weekly rotation policy, if unauthorized access occurs, the exposure is limited to seven days. The rotation policy can be customized according to needs.
In terms of improvement, I don’t see any that AWS Secrets Manager requires since new features continue to be added regularly. The only concern is its cost, which can be prohibitive for small organizations. For large enterprises without financial constraints, it’s excellent.
There is a potential improvement in connecting AWS Secrets Manager to Jenkins CI/CD pipeline to automatically reflect changes in production.
An area for improvement in AWS Secrets Manager could be expanding integration options beyond AWS services. Enhancing compatibility with other platforms like Azure and providing more automated options for secret rotation could simplify the overall integration process for users.
There is room for improvement in the pricing model. In future releases, I would like to see a feature. For example, other secret managers don't allow the use of services other than AWS service. So, if we have AWS Secrets Manager allowed to a user outside the AWS environment, it will be an additional feature.
AWS Secrets Manager could support hybrid infrastructure. There could be more functionalities compared to different solution providers.
Even though I said that the employee or programmer doesn't need to see the secret, he can view the secret if he intends to. He just has to display the value he fetched from the AWS Secrets Manager. The solution should add one more layer of encoding and decoding so that when the programmer fetches the value from the AWS Secrets Manager, what he receives is only an encoded version. Instead of directly sending it to Google, he sends the authentication information to another AWS service which decodes it and then sends it to Google. If you add one more layer of security to AWS Secrets Manager, even the programmer will not be able to see the secrets.
There is a need for better environmental implementation, such as having a security fund as a solution.
The sidecar feature has room for improvement.
If you don't have enterprise support, then you will not be able to get through to them to get the help. It is not only applicable to AWS Secrets Manager. It is also applicable to any service on AWS.
We occasionally have problems with rate limits, although that is a problem more generally with AWS.
It would be good if the AWS Secrets Manager were more customizable.