AWS Secrets Manager
Secrets management tools
Privileged access management (PAM) software
Data security software
Identity management software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if AWS Secrets Manager and its alternatives fit your requirements.
Pay-as-you-go
Free Trial
Free version unavailable
Small
Medium
Large
- Retail and wholesale
- Accommodation and food services
- Agriculture, fishing, and forestry
What is AWS Secrets Manager
AWS Secrets Manager is a managed service for storing, retrieving, and rotating application secrets such as database credentials, API keys, and other sensitive configuration values. It is primarily used by cloud and DevOps teams building on AWS who need centralized secret storage with programmatic access from applications and infrastructure automation. The service integrates with AWS identity and access controls and supports automated rotation for supported databases through AWS-managed workflows and AWS Lambda. It is designed to reduce hard-coded secrets in code and configuration while providing auditability through AWS logging services.
Deep AWS service integration
AWS Secrets Manager integrates tightly with AWS IAM for access control and with AWS services commonly used to run workloads, such as compute and container platforms. It supports encryption using AWS Key Management Service (KMS) and can log access activity via AWS CloudTrail. This makes it straightforward to apply consistent policies and auditing within an AWS-centric environment.
Managed secret rotation workflows
The service provides built-in rotation support for several AWS-supported databases and can run custom rotation logic using AWS Lambda. Rotation can be scheduled and managed centrally, reducing manual credential change processes. For teams that already operate in AWS, this can simplify operational overhead compared with self-managed rotation infrastructure.
Programmatic access and SDK support
Secrets can be retrieved through AWS SDKs, CLI, and APIs, enabling integration into applications, CI/CD pipelines, and infrastructure-as-code workflows. Fine-grained permissions can be applied per secret and per principal using IAM policies. This supports common patterns such as environment-specific secrets and least-privilege access for services.
AWS-centric portability constraints
AWS Secrets Manager is optimized for AWS workloads and identity controls, which can increase coupling to AWS when applications span multiple clouds or on-prem environments. While external access is possible, organizations often need additional networking, identity federation, and operational patterns to use it consistently outside AWS. This can be a limitation for teams prioritizing cloud-agnostic secret management.
Not a full PAM suite
Although it can store privileged credentials, it does not provide the broader privileged access management capabilities commonly expected in PAM platforms, such as interactive session management, privileged session recording, or just-in-time elevation workflows. Organizations with strong human-admin access governance requirements typically need complementary tools and processes. As a result, it fits best as an application and service secret store rather than a complete PAM solution.
Rotation coverage varies by target
Automated rotation is most straightforward for supported services and patterns; other systems may require custom Lambda rotation functions and additional testing and maintenance. This can introduce engineering effort and operational responsibility for non-standard targets. Teams should validate rotation feasibility for each secret type and downstream system before standardizing on the service.
Plan & Pricing
Pricing model: Pay-as-you-go Free tier/trial: Starting July 15, 2025, new AWS customers receive up to $200 in AWS Free Tier credits that can be applied to Secrets Manager; at account sign-up you can choose a free plan (available for 6 months after account creation) or a paid plan; credits must be used within 12 months. Example costs: Secret storage – $0.40 per secret per month (prorated hourly); API calls – $0.05 per 10,000 API calls. Example short-duration pricing: $0.00056 per secret-hour (calculated as $0.40 * 1 hour / (30 days * 24 hours)). Discount/options: No explicit volume discounts listed on the pricing page; AWS provides the AWS Pricing Calculator and an option to contact AWS specialists for personalized quotes.
Seller details
Amazon Web Services, Inc.
Seattle, Washington, USA
2006
Subsidiary
https://aws.amazon.com/
https://x.com/awscloud
https://www.linkedin.com/company/amazon-web-services/
