More Info:

Ensure that AWS Secrets Manager is used in your AWS account to manage access credentials (i.e. secrets) such as API keys, OAuth tokens and database credentials. For example, you can use AWS Secrets Manager to handle database credentials to meet security and compliance requirements in your organization. Secrets Manager provides built-in integrations for MySQL, PostgreSQL and Aurora on Amazon Relational Database Service (RDS), and can rotate, manage and retrieve credentials for these database types natively.

Risk Level

Medium

Address

Security

Compliance Standards

CBP

Remediation

How to ensure Secrets Manager is in use

Using AWS Console

  1. Log in to the AWS Management Console.
  2. Navigate to the Secrets Manager dashboard. (In the Cloudanix Console, navigate to the “Misconfig” page and look for Affected Assets under the “Secrets Manager Should Be In Use” policy.)
  3. Check if there are any secrets listed on the dashboard. If there are, then Secrets Manager is in use.
  4. If there are no secrets listed, create a new secret by clicking on the “Store a new secret” button.
  5. Follow the prompts to create a new secret. You can choose to store a new password, database credentials, or any other sensitive information.
  6. Once the secret has been created, you can use it in your applications or services.
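
The console check in steps 1 to 3 can also be scripted. The following is an added example, not code from Cloudanix or AWS: it counts the secrets returned by ListSecrets in each region given on the command line and fails when none are found. It assumes boto3 and credentials allowed to call secretsmanager:ListSecrets; the names count_secrets, audit and StubClient are hypothetical, and the --demo data is constructed.

```python
import sys


def count_secrets(client):
    """Count secrets in one region (those scheduled for deletion are omitted by default)."""
    total, kwargs = 0, {"MaxResults": 100}
    while True:
        page = client.list_secrets(**kwargs)
        total += len(page.get("SecretList", []))
        if not page.get("NextToken"):
            return total
        kwargs["NextToken"] = page["NextToken"]  # more pages to fetch


def audit(regions, client_for):
    """Return per-region secret counts and whether any region holds a secret."""
    counts = {region: count_secrets(client_for(region)) for region in regions}
    return {"counts": counts, "in_use": any(counts.values())}


class StubClient:
    """Constructed stand-in for a Secrets Manager client; pages like ListSecrets."""
    def __init__(self, names, page_size=2):
        self.names, self.page_size = list(names), page_size

    def list_secrets(self, MaxResults=100, NextToken=None):
        start = int(NextToken or 0)
        end = start + min(self.page_size, MaxResults)
        page = {"SecretList": [{"Name": n} for n in self.names[start:end]]}
        if end < len(self.names):
            page["NextToken"] = str(end)
        return page


def main(argv):
    if argv[1:] == ["--demo"]:  # constructed data, no AWS call
        stubs = {"region-a": StubClient([]), "region-b": StubClient(["s1", "s2", "s3"])}
        report = audit(list(stubs), stubs.get)
    else:
        import boto3  # AWS SDK, imported lazily so --demo runs without it
        report = audit(argv[1:] or [None],  # None = the SDK's configured default region
                       lambda r: boto3.client("secretsmanager", region_name=r))
    for region, n in report["counts"].items():
        print(f"{region or 'default region'}: {n} secret(s)")
    print("PASS" if report["in_use"] else "FAIL: no secrets in the checked regions")
    return 0 if report["in_use"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```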

Additional Reading: