Rule: Secrets Manager Secrets Rotation Schedule

Ensure rotation of Secrets Manager secrets as per schedule.

Rule: Secrets Manager secrets should be rotated as per the rotation schedule
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description:

Secrets stored in Secrets Manager should be rotated according to the rotation schedule specified by the National Institute of Standards and Technology (NIST) 800-53 Revision 5 guidelines. Regularly rotating secrets helps mitigate the risk of unauthorized access or misuse of sensitive information.

Troubleshooting Steps:

If you encounter any issues while rotating the secrets in Secrets Manager, follow these troubleshooting steps:

  1. Verify the rotation schedule: Check the rotation schedule specified in the NIST 800-53 Revision 5 guidelines to ensure you are following the correct frequency for rotating secrets.
  2. Permissions: Ensure that you have the necessary permissions and access rights to rotate secrets in Secrets Manager. Check your IAM policies and roles to confirm you have the required permissions.
  3. Validate current secrets: Before attempting to rotate secrets, verify the current state and validity of the secrets. Validate the existing secrets to ensure they are functioning properly and not expired or nearing expiration.
  4. Review error messages: If you encounter any error messages or issues while rotating secrets, carefully review the error details provided by Secrets Manager. These messages can provide insights into the problem and potential solutions.
  5. Check for dependencies: Ensure that any applications or services relying on the secrets stored in Secrets Manager are aware of the rotation process. Update the relevant configurations or code to accommodate the rotated secrets.

Necessary Codes:

There are no specific codes to provide for rotating secrets in Secrets Manager, as it is a managed service provided by AWS. However, you may need to use the AWS CLI or SDKs to interact with Secrets Manager and implement the rotation process described in the following steps.

Step-by-step Guide to Rotate Secrets in Secrets Manager:

  1. Identify the secret to rotate: Determine which secret you need to rotate. This could be a password, API key, database connection string, or any other sensitive information stored in Secrets Manager.
  2. Create a new secret: Generate a new secret with the updated credentials or information. This should be done outside of Secrets Manager, such as creating a new database user or generating a new API key.
  3. Update the application or service: Make sure the application or service using the secret is prepared to handle the rotation. Modify the necessary configurations or code to accommodate the new secret.
  4. Store the new secret: Use the AWS CLI or SDKs to store the new secret in Secrets Manager. The command would be similar to:

     aws secretsmanager create-secret --name <secret-name> --secret-string <new-secret-value>

     Replace <secret-name> with the name of the secret and <new-secret-value> with the actual value of the new secret. Adjust the command based on your specific requirements.
  5. Test the new secret: Validate that the application or service can successfully retrieve and use the new secret from Secrets Manager. Ensure that all functionalities relying on the secret are working as expected.
  6. Update rotation configuration: Configure the rotation settings for the secret in Secrets Manager. This includes specifying the rotation frequency and any required Lambda functions or rotation methods. Refer to the AWS Secrets Manager documentation for detailed instructions on setting up secret rotation.
  7. Monitor the rotation: Regularly monitor the rotation process and check for any errors or issues reported by Secrets Manager. Ensure that the rotation is occurring as per the defined schedule.
  8. Validate the rotation: Regularly validate the rotated secrets to confirm they are functioning properly, up-to-date, and not expired or nearing expiration. This helps maintain the security and integrity of your secrets.
  9. Update documentation: Keep your documentation updated with the details of the secret rotation process and any changes made to the rotation schedule or configuration.
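Steps 6 through 8 amount to a recurring check that every secret has rotation enabled and was actually rotated within its configured interval. The following checker is an added example for this rule, not Cloud Defense or AWS code; it assumes the field names returned by `aws secretsmanager describe-secret` (boto3 `describe_secret`) and a one-day grace period, both stated in the code, and runs on constructed sample records so it works offline.

```python
"""Check `aws secretsmanager describe-secret` records against their rotation schedule.
Added example for this rule (not Cloud Defense or AWS code); assumes boto3 field names."""
from datetime import datetime, timedelta, timezone

GRACE = timedelta(days=1)  # assumption: tolerate one late day before flagging


def rotation_finding(secret: dict, now: datetime) -> str:
    """Return 'COMPLIANT' or 'NON_COMPLIANT: <reason>' for one secret record."""
    name = secret.get("Name", "<unknown>")
    if not secret.get("RotationEnabled"):
        return f"NON_COMPLIANT: {name} has automatic rotation disabled"
    last = secret.get("LastRotatedDate")
    if last is None:
        return f"NON_COMPLIANT: {name} has rotation enabled but was never rotated"
    days = secret.get("RotationRules", {}).get("AutomaticallyAfterDays")
    if days is not None:
        due = last + timedelta(days=days)  # fixed-interval schedule
    else:  # ScheduleExpression schedule: use the service-computed next date
        due = secret.get("NextRotationDate")
        if due is None:
            return f"NON_COMPLIANT: {name} has no computable next rotation date"
    if now > due + GRACE:
        return f"NON_COMPLIANT: {name} rotation overdue since {due.date()}"
    return "COMPLIANT"


def audit(secrets: list, now: datetime) -> dict:
    """Map each secret name to its finding, e.g. for a compliance report."""
    return {s["Name"]: rotation_finding(s, now) for s in secrets}


# Constructed sample records shaped like describe-secret output (not real data).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": datetime(2024, 5, 20, tzinfo=timezone.utc)},
    {"Name": "prod/api/key", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": datetime(2024, 4, 1, tzinfo=timezone.utc)},
    {"Name": "legacy/service/token", "RotationEnabled": False},
    {"Name": "prod/cron/secret", "RotationEnabled": True,
     "RotationRules": {"ScheduleExpression": "rate(7 days)"},
     "LastRotatedDate": datetime(2024, 5, 27, tzinfo=timezone.utc),
     "NextRotationDate": datetime(2024, 6, 3, tzinfo=timezone.utc)},
]
if __name__ == "__main__":
    for name, finding in audit(SAMPLE_SECRETS, NOW).items():
        print(f"{name}: {finding}")
```

In a real account, feed the checker the parsed output of `describe-secret` for each secret returned by `list-secrets`; the `datetime` fields arrive already parsed when using boto3.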

By following these steps, you can ensure that secrets stored in Secrets Manager are rotated according to the rotation schedule specified by the NIST 800-53 Revision 5 guidelines, reducing the risk of unauthorized access to sensitive information.
