why use parameter store instead of secret manager to store data such as database passwords ?

Question

why use Session manager parameter store instead of secret manager to store critical data such as database passwords ?

Jerome Pasini Answered 1 year ago · Answer 1 · 2021-01-22 14:04:18

Jerome Pasini

Answered 1 year ago

One common reason is: because it is free and Secret Manager is not.

Adrian Mowat

Answered 1 year ago

SSM also allows you to store data in hierarchies /dev/rds/appdb/username etc

Darius Hall Answered 1 year ago · Answer 2 · 2021-01-26 04:18:04

Darius Hall

Answered 1 year ago

Here is a list of some of the differences. TL;DR is that:

Parameter Store has a 10,000 parameter limit, Secrets Manager does not
Secrets Manager can be used to generate secrets, Parameter Store you have to provide the secrets
Secrets Manager provides mechanisms and integrations for automated secrets rotation with services like RDS, Parameter store does not provide an easy path to secrets rotation
Secrets Manager supports cross account access where Parameter Store does not

Let me know if any of the above are no longer true. I was looking at a 2 year old source: https://www.1strategy.com/blog/2019/02/28/aws-parameter-store-vs-aws-secrets-manager/

2 Answers