
AWS Secrets Manager

AWS Secrets Manager stores, rotates, and serves credentials, API keys, and other secrets that your applications, services, and IT resources retrieve at run time. It is the right place to keep sensitive information, but a secret that nothing retrieves any more still costs money every month and still widens the blast radius if it is ever exposed.

Detection of Unused Secrets

Our system identifies unused secrets in AWS Secrets Manager by analyzing the LastAccessedDate metadata that the ListSecrets and DescribeSecret APIs return. A secret is considered unused if it has not been accessed for a significant period, typically 90 days or more. Two properties of this field matter when reading the results: it is truncated to the day, so idle time is only meaningful in whole days, and it is omitted entirely for a secret that has never been retrieved in the Region, so never-read secrets are evaluated from their CreatedDate instead of being silently skipped.

Cost Implications

Each secret stored in AWS Secrets Manager incurs a cost of $0.40 per month (prorated for secrets kept for less than a month), with API calls billed separately at $0.05 per 10,000 calls. While this may seem small for a single secret, it adds up quickly in large environments: 500 forgotten secrets is $200 per month, or $2,400 per year, for values nothing reads.

Security Considerations

Beyond cost, unused secrets pose a security risk. A secret nobody reads is usually also a secret nobody rotates, so it may still hold working credentials for a system that has since been forgotten. If such a value is obtained through an overly broad secretsmanager:GetSecretValue permission, a leaked backup, or a compromised role, the attacker gains access that no legitimate client uses, which makes the abuse harder to notice in audit logs. Every retired secret you remove is one fewer credential to protect, rotate, and account for.

Recommendations

  1. Regularly review and audit your secrets in AWS Secrets Manager, for example with a scheduled job that compares each secret's LastAccessedDate (or CreatedDate, when it has never been read) against your threshold.
  2. Delete or rotate secrets that haven't been accessed in the last 90 days. Confirm with the owner first, because some secrets are read only on rare paths such as disaster-recovery runbooks or annual jobs, and prefer scheduled deletion over forced deletion: DeleteSecret keeps the secret in a recovery window of 7 to 30 days (30 by default) during which it can be restored if something turns out to need it.
  3. Implement a tagging strategy that records the purpose and owner of each secret, so that a flagged secret can be routed to someone who can confirm whether it is still needed.
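The following Python script is an added example that implements the detection described above together with recommendations 1 and 2; it is not the page's own tooling. It classifies secrets from the shape of the real ListSecrets response (Name, ARN, CreatedDate, LastAccessedDate, DeletedDate, Tags), handles the never-accessed and already-scheduled-for-deletion cases, estimates the monthly cost of what it finds, and schedules deletion with a recovery window in dry-run mode by default. The sample secrets, the account ID, and the Owner tag convention are constructed for the example; only list_all_secrets and schedule_deletion with dry_run=False talk to AWS and need boto3 and credentials.

```python
"""Flag unused AWS Secrets Manager secrets from ListSecrets metadata.

Added example, not the page's own tooling. Assumes the field names of the
real secretsmanager:ListSecrets response; the sample data below is constructed.
"""
from datetime import datetime, timezone

PRICE_PER_SECRET_MONTH = 0.40   # USD per secret per month, as quoted on the page
DEFAULT_THRESHOLD_DAYS = 90


def _owner_tag(secret):
    """Read the 'Owner' tag this example assumes teams apply (hypothetical)."""
    for tag in secret.get("Tags", []):
        if tag.get("Key") == "Owner":
            return tag.get("Value")
    return None


def classify_secret(secret, now, threshold_days=DEFAULT_THRESHOLD_DAYS):
    """Return (is_unused, idle_days, reason) for one ListSecrets entry.

    LastAccessedDate is omitted by the API when the secret has never been
    retrieved in this Region, and it is truncated to the day, so idle time is
    only meaningful in whole days.
    """
    if secret.get("DeletedDate") is not None:
        # Deletion is already scheduled; the recovery window is running.
        return False, 0, "already scheduled for deletion"
    last_accessed = secret.get("LastAccessedDate")
    if last_accessed is not None:
        idle_days = (now - last_accessed).days
        reason = "last accessed %s" % last_accessed.date()
    else:
        # Never retrieved: measure from creation so a secret created yesterday
        # for a service that has not started yet is not flagged on day one.
        idle_days = (now - secret["CreatedDate"]).days
        reason = "never accessed; created %s" % secret["CreatedDate"].date()
    return idle_days >= threshold_days, idle_days, reason


def find_unused_secrets(secrets, now=None, threshold_days=DEFAULT_THRESHOLD_DAYS):
    """Filter ListSecrets entries to those idle for at least threshold_days."""
    now = now or datetime.now(timezone.utc)
    report = []
    for s in secrets:
        is_unused, idle_days, reason = classify_secret(s, now, threshold_days)
        if is_unused:
            report.append({"Name": s["Name"], "ARN": s.get("ARN"),
                           "Owner": _owner_tag(s), "IdleDays": idle_days,
                           "Reason": reason})
    return report


def estimated_monthly_cost(report):
    """Storage cost of the flagged secrets at the page's per-secret price."""
    return len(report) * PRICE_PER_SECRET_MONTH


def list_all_secrets(region_name=None):
    """Live call: page through ListSecrets (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the offline functions need no SDK
    client = boto3.client("secretsmanager", region_name=region_name)
    secrets = []
    for page in client.get_paginator("list_secrets").paginate():
        secrets.extend(page["SecretList"])
    return secrets


def schedule_deletion(client, report, recovery_window_days=30, dry_run=True):
    """Schedule flagged secrets for deletion with a 7-30 day recovery window,
    so a secret that turns out to be needed can still be restored."""
    for item in report:
        if dry_run:
            print("would delete %s (%s)" % (item["Name"], item["Reason"]))
            continue
        client.delete_secret(SecretId=item["ARN"],
                             RecoveryWindowInDays=recovery_window_days)


def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample shaped like ListSecrets output; not real account data.
SAMPLE_NOW = _utc(2024, 6, 1)
_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:%s"
SAMPLE_SECRETS = [
    {"Name": "prod/db/password", "ARN": _ARN % "prod/db/password-AbCdEf",
     "CreatedDate": _utc(2022, 3, 1), "LastAccessedDate": _utc(2024, 5, 30),
     "Tags": [{"Key": "Owner", "Value": "platform"}]},
    {"Name": "legacy/ftp/creds", "ARN": _ARN % "legacy/ftp/creds-GhIjKl",
     "CreatedDate": _utc(2021, 7, 9), "LastAccessedDate": _utc(2024, 1, 15),
     "Tags": [{"Key": "Owner", "Value": "integrations"}]},
    {"Name": "new/api/key", "ARN": _ARN % "new/api/key-MnOpQr",
     "CreatedDate": _utc(2024, 5, 20)},                        # never read yet
    {"Name": "orphan/token", "ARN": _ARN % "orphan/token-StUvWx",
     "CreatedDate": _utc(2023, 11, 1)},                        # never read at all
    {"Name": "retired/saml", "ARN": _ARN % "retired/saml-YzAbCd",
     "CreatedDate": _utc(2020, 1, 1), "LastAccessedDate": _utc(2023, 2, 2),
     "DeletedDate": _utc(2024, 5, 25)},                        # already scheduled
]

if __name__ == "__main__":
    unused = find_unused_secrets(SAMPLE_SECRETS, now=SAMPLE_NOW)
    for item in unused:
        print("%-20s owner=%-12s idle %4dd  %s" % (
            item["Name"], item["Owner"], item["IdleDays"], item["Reason"]))
    print("estimated waste: $%.2f/month" % estimated_monthly_cost(unused))
    schedule_deletion(client=None, report=unused, dry_run=True)
```

Against the sample, legacy/ftp/creds (138 idle days) and orphan/token (213 days, never read) are flagged, new/api/key is left alone because it is only 12 days old, and retired/saml is skipped because it is already in its recovery window. To run it against a real account, replace SAMPLE_SECRETS with list_all_secrets() and keep dry_run=True until the owners from the Owner tag have confirmed the list.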

By reviewing, tagging, and retiring secrets on a regular schedule, you reduce costs, shrink the set of live credentials you have to protect, and keep your AWS environment cleaner and easier to audit.