Securely Storing Database Credentials | Automatic Rotation | AWS Service

Securely Storing Database Credentials

Question

A company security team wants to implement a solution for securely storing database credentials.

The solution should provide automatic rotation of database credentials.

What AWS service can the team use to meet these requirements?

Answers

Explanations

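A. AWS Key Management Service (KMS)
B. AWS Systems Manager Parameter Store
C. AWS Resource Access Manager
D. AWS Secrets Manager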

Answer: D.

Option A is incorrect because Key Management Service (KMS) is used to manage cryptographic keys.

Option B is incorrect because the Systems Manager Parameter Store does not provide automatic credentials rotation capability.

Option C is incorrect because the Resource Access Manager service is used for managing access to AWS resources between multiple accounts.

Option D is CORRECT because Secrets Manager can be used to store, retrieve, and automatically rotate database credentials securely.

Reference:

https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

The AWS service that can meet the security team's requirements for securely storing and automatically rotating database credentials is AWS Secrets Manager (option D).

AWS Secrets Manager is a service that allows the secure storage and management of secrets, such as database credentials, API keys, and other sensitive information. It allows you to rotate, manage, and retrieve secrets throughout their lifecycle, including automatic rotation of secrets. With AWS Secrets Manager, you can encrypt secrets with encryption keys from AWS Key Management Service (KMS) and control access to secrets using AWS Identity and Access Management (IAM) policies.

AWS Key Management Service (KMS) (option A) is a managed service that allows you to create and manage encryption keys that can be used to encrypt data stored in AWS services and in your own applications. While AWS KMS can help you encrypt and protect the secrets, it doesn't provide automatic rotation of database credentials like AWS Secrets Manager does.

AWS Systems Manager Parameter Store (option B) is another service that allows you to store and manage configuration data and secrets, but it doesn't provide automatic rotation of secrets.

AWS Resource Access Manager (option C) is a service that allows you to share AWS resources across multiple accounts and regions, but it doesn't provide any functionality for securely storing or rotating secrets.

In summary, AWS Secrets Manager is the service that can provide the required functionality for securely storing and automatically rotating database credentials.
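Choosing Secrets Manager only satisfies the requirement if rotation is actually enabled and succeeding. The following audit is an added example, not part of the original page: it reads entries shaped like the `SecretList` items returned by the ListSecrets API and flags secrets whose rotation is disabled, overdue, or slower than policy. The secret names, the sample data and the 90-day threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_ROTATION_DAYS = 90  # assumed policy threshold, not an AWS default


def audit_rotation(secrets, now=None, max_days=MAX_ROTATION_DAYS):
    """Return {secret name: [findings]} for entries shaped like ListSecrets' SecretList."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for s in secrets:
        findings = []
        if not s.get("RotationEnabled"):
            findings.append("rotation disabled")
        else:
            days = s.get("RotationRules", {}).get("AutomaticallyAfterDays")
            last = s.get("LastRotatedDate")  # absent if the secret has never rotated
            if days is not None and days > max_days:
                findings.append(f"interval {days}d exceeds policy {max_days}d")
            if last is None:
                findings.append("rotation enabled but never completed")
            elif days is not None and now - last > timedelta(days=days):
                findings.append("rotation overdue")
        if findings:
            report[s["Name"]] = findings
    return report


def fetch_secrets(region):
    """Live input: page through ListSecrets (needs boto3 and secretsmanager:ListSecrets)."""
    import boto3
    client = boto3.client("secretsmanager", region_name=region)
    pages = client.get_paginator("list_secrets").paginate()
    return [s for page in pages for s in page["SecretList"]]


# Constructed sample data (not real secrets), evaluated at a fixed time.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"Name": "prod/orders-db", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": datetime(2024, 5, 20, tzinfo=timezone.utc)},
    {"Name": "prod/billing-db", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": datetime(2024, 3, 1, tzinfo=timezone.utc)},
    {"Name": "dev/legacy-db"},  # rotation never configured
    {"Name": "prod/reports-db", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 180},
     "LastRotatedDate": datetime(2024, 5, 1, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    for name, findings in audit_rotation(SAMPLE, now=NOW).items():
        print(f"{name}: {', '.join(findings)}")
```

Against a live account, pass the result of `fetch_secrets("<region>")` in place of `SAMPLE`; secrets rotated on a `ScheduleExpression` carry no `AutomaticallyAfterDays` value, so the overdue check is skipped for them.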