Certified Security - Specialty

Sign Up Free or Log In to participate!

why use parameter store instead of secret manager to store data such as database passwords ?

why use Session manager parameter store instead of secret manager to store critical data such as database passwords ?

2 Answers

One common reason is: because it is free and Secret Manager is not.

Adrian Mowat

SSM also allows you to store data in hierarchies /dev/rds/appdb/username etc

Here is a list of some of the differences. TL;DR is that:

  • Parameter Store has a 10,000 parameter limit, Secrets Manager does not

  • Secrets Manager can be used to generate secrets, Parameter Store you have to provide the secrets

  • Secrets Manager provides mechanisms and integrations for automated secrets rotation with services like RDS, Parameter store does not provide an easy path to secrets rotation

  • Secrets Manager supports cross account access where Parameter Store does not

Let me know if any of the above are no longer true. I was looking at a 2 year old source: https://www.1strategy.com/blog/2019/02/28/aws-parameter-store-vs-aws-secrets-manager/

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?