
AWS Secrets Manager

AWS Secrets Manager helps protect access to applications and services. Unused secrets lead to unnecessary costs and potential security risks from stale credentials.

Implementation Effort: Low - Estimated time: less than 30 minutes. Delete unused secrets via console or CLI after confirming no application references them.

What We Detect

  • Unused secrets -- Secrets that haven't been accessed in an extended period, likely from decommissioned applications or rotated credentials that were never cleaned up

Why It Matters

Each secret costs $0.40/month. Beyond cost, unused secrets may contain outdated credentials that could be exploited if compromised. Regular cleanup reduces both spend and security risk.

Recommendations

  1. Delete secrets that are no longer referenced by any application
  2. Implement a tagging strategy to track ownership and purpose
  3. Review secrets regularly as part of credential lifecycle management
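One way to produce the review list for these recommendations, as an added example rather than this product's own detection logic. It reads output shaped like `aws secretsmanager list-secrets --output json`; the 90-day threshold, the `owner` tag key and the sample secrets are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

PRICE_PER_SECRET_USD = 0.40  # monthly per-secret price stated on this page
STALE_AFTER_DAYS = 90        # assumption: the page only says "an extended period"
OWNER_TAG = "owner"          # assumption: hypothetical ownership tag key

# Constructed sample, shaped like `aws secretsmanager list-secrets --output json`.
SAMPLE = json.loads("""{"SecretList": [
 {"Name": "prod/api/key", "CreatedDate": "2023-01-10T09:00:00+00:00",
  "LastAccessedDate": "2025-05-30T00:00:00+00:00",
  "Tags": [{"Key": "owner", "Value": "payments"}]},
 {"Name": "legacy/db/password", "CreatedDate": "2022-03-01T09:00:00+00:00",
  "LastAccessedDate": "2024-11-01T00:00:00+00:00",
  "Tags": [{"Key": "owner", "Value": "billing"}]},
 {"Name": "old/ftp/creds", "CreatedDate": "2024-01-15T00:00:00+00:00"},
 {"Name": "tmp/new-token", "CreatedDate": "2025-05-20T00:00:00+00:00"},
 {"Name": "retired/smtp", "CreatedDate": "2021-06-01T00:00:00+00:00",
  "LastAccessedDate": "2024-06-01T00:00:00+00:00",
  "DeletedDate": "2025-05-25T00:00:00+00:00"}
]}""")["SecretList"]

def parse_ts(value):
    """Accept ISO 8601 strings or epoch numbers, depending on CLI settings."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(value)

def find_unused(secrets, now, stale_after_days=STALE_AFTER_DAYS):
    """Return secrets idle past the threshold, longest-idle first."""
    cutoff = now - timedelta(days=stale_after_days)
    findings = []
    for s in secrets:
        if "DeletedDate" in s:  # already scheduled for deletion
            continue
        # LastAccessedDate is omitted for secrets never retrieved; fall back to
        # CreatedDate so a freshly created secret is not flagged.
        last_seen = parse_ts(s.get("LastAccessedDate", s["CreatedDate"]))
        if last_seen <= cutoff:
            tags = {t["Key"]: t["Value"] for t in s.get("Tags", [])}
            findings.append({"name": s["Name"],
                             "idle_days": (now - last_seen).days,
                             "never_accessed": "LastAccessedDate" not in s,
                             "owner": tags.get(OWNER_TAG, "UNTAGGED")})
    return sorted(findings, key=lambda f: -f["idle_days"])

def monthly_savings(findings):
    return round(len(findings) * PRICE_PER_SECRET_USD, 2)

if __name__ == "__main__":
    for f in find_unused(SAMPLE, datetime.now(timezone.utc)):
        print(f)
```

`LastAccessedDate` is recorded per Region at date granularity, so treat the output as a list to confirm with the owning team, not a deletion list. Deleting with `aws secretsmanager delete-secret --recovery-window-in-days` leaves a restore window in case an application still references the secret.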
