AWS Secrets Manager

AWSSecurity

Fully managed service to store, rotate, and audit secrets such as database credentials, API keys, and OAuth tokens with native rotation Lambda integrations for RDS, Redshift, and DocumentDB

FluffyStack tools
Add to Service BuilderAdd to CompareCompare with equivalentsExplore AWS in TreemapExplore security in HoneycombSee AWS regions on the World MapSee security as a networkScore jurisdiction exposure
DocumentationPricingAWS website

Jurisdictional exposure

Provider HQ
USSeattle, USA

Subject to CLOUD Act, FISA-702, DPF

Region locations
APACCNEEAEUUKUSOther40 regions across 7 jurisdictions
Sovereign option
Yes — 6 sovereign-flagged regions available
Full scorecard for this service →US lens detail →Sovereign cloud coverage map →

Attributes

SLA Uptime
99.9%
Encryption
Yes
Multi Region
Yes

Sub-services (3)

Secrets

Versioned encrypted secret values stored under a resource ARN

Automatic Rotation

Lambda-driven rotation schedules for database and custom secrets

Multi-Region Replication

Primary/replica replication of secrets across AWS regions

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

GDPRSOC 2ISO 27001HIPAAPCI DSSFedRAMP

Where this runs

40 regions
28 countries
6sovereign
Sovereign regions (6)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • AWS GovCloud (US-East) · AshburnAWS GovCloud (US)
  • AWS GovCloud (US-West) · HillsboroAWS GovCloud (US)
  • AWS European Sovereign Cloud (Brandenburg) · BrandenburgAWS European Sovereign Cloud
  • China (Beijing) · BeijingAWS China (Sinnet)
  • China (Ningxia) · YinchuanAWS China (NWCD)
Commercial regions (34)

Europe (8)

  • Europe (Paris)
  • Europe (Frankfurt)
  • Europe (Ireland)
  • Europe (Milan)
  • Europe (Spain)
  • Europe (Stockholm)
  • Europe (Zurich)
  • Europe (London)

North America (7)

  • Canada West (Calgary)
  • Canada (Central)
  • Mexico (Central)
  • US East (N. Virginia)
  • US West (Oregon)
  • US East (Ohio)
  • US West (N. California)

South America (1)

  • South America (São Paulo)

Asia (11)

  • Asia Pacific (Hong Kong)
  • Asia Pacific (Hyderabad)
  • Asia Pacific (Mumbai)
  • Asia Pacific (Jakarta)
  • Asia Pacific (Osaka)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Malaysia)
  • Asia Pacific (Singapore)
  • Asia Pacific (Seoul)
  • Asia Pacific (Taipei)
  • Asia Pacific (Thailand)

Oceania (3)

  • Asia Pacific (Melbourne)
  • Asia Pacific (Sydney)
  • Asia Pacific (New Zealand)

Middle East (3)

  • Middle East (Bahrain)
  • Israel (Tel Aviv)
  • Middle East (UAE)

Africa (1)

  • Africa (Cape Town)

Tags

secretscredentialsrotationapi-keyssecurity

Equivalent services on other platforms

Azure Key VaultAzure

Centralised vault for cryptographic keys, secrets, and certificates with HSM-backed keys, managed certificate renewal, and RBAC or access-policy enforcement

Secret ManagerGCP

Fully managed secret storage with automatic replication across regions, VPC Service Controls integration, CMEK encryption, version history, per-secret IAM, and rotation via Cloud Scheduler plus Cloud Run hooks — used by GKE, Cloud Run, and Compute Engine workloads

OCI VaultOracle

Centralised key and secret management service with HSM-backed symmetric and asymmetric keys, automatic rotation, and envelope encryption for OCI resources

Pricing

Pricing model:pay-as-you-go