AWS Secrets Manager now supports hybrid post-quantum TLS to protect secrets from quantum threats
News
This article announces that AWS Secrets Manager now supports hybrid post-quantum TLS using ML-KEM to protect secrets from quantum computing threats.
- Hybrid post-quantum key exchange automatically enabled in Secrets Manager Agent, Lambda Extension, and CSI Driver
- Available in supported AWS SDKs: Rust, Go, Node.js, Kotlin, Python, and Java v2
- Protects against traditional attacks and "harvest now, decrypt later" quantum threats
- No code changes or configuration updates required for latest client versions
- Verify activation by checking CloudTrail logs for "X25519MLKEM768" key exchange algorithm
- Available in all AWS Regions supporting Secrets Manager
This release enables quantum-resistant secret retrieval without requiring application changes, automatically protecting against future quantum computing threats.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Apr 7
2025
2025
ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager
Nov 21
2025
2025
AWS Application and Network Load Balancers Now Support Post-Quantum Key Exchange for TLS
Nov 19
2025
2025
AWS Secrets Manager announces managed external secrets
Nov 20
2025
2025
Amazon S3 now supports post-quantum TLS key exchange on S3 endpoints
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.