The post describes how to centrally manage secrets across multiple AWS accounts using AWS Secrets Manager in a designated Centralized Security Account, enabling secure access, automatic rotation, and auditing of sensitive data like passwords and API keys.

<div>
<p>This article explains how to centrally manage secrets like passwords, API keys, and other credentials using AWS Secrets Manager and AWS Key Management Service (AWS KMS) in a centralized AWS account.</p>
<p>Specifically, the article covers:</p>
<ul>
<li>Creating database secrets in the centralized security account</li>
<li>Deploying Lambda rotation functions for automatic secret rotation</li>
<li>Setting up networking for Lambda to reach Secrets Manager</li>
<li>Deploying VPC peering between the centralized account and member accounts</li>
<li>Setting up resource-based policies for cross-account secret access</li>
<li>Challenges and potential solutions for a large-scale deployment</li>
</ul>
</div>


How to centrally manage secrets with AWS Secrets Manager

Related articles

Related articles

Jul 22
2024
How to use the AWS Secrets Manager Agent

Nov 19
2025
AWS Secrets Manager announces managed external secrets

Jan 9
2024
How to use AWS Secrets Manager and ABAC for enhanced secrets management in Amazon EKS

Nov 25
2025
AWS Secrets Manager launches Managed External Secrets for Third-Party Credentials