What are the differences between AWS Secrets Manager and KMS?
What is AWS Key Management Service (KMS)?
AWS Key Management Service (KMS) is a foundational AWS service that can create and manage cryptographic keys. KMS provides a single control point from where you can manage your keys.
KMS keys have a lot of applications across various AWS services like:
What is AWS Secrets Manager?
AWS Secrets Manager is a managed service that lets you quickly rotate, manage, and retrieve any credentials, API keys, or secrets.
Secrets Manager will encrypt and store your secret and transparently decrypt and return them to you in plaintext when you request them. One of the main benefits of Secrets Manager is that you no longer need to hard-code your credentials in code.
Integrating Secrets Manager & KMS
Secrets Manager integrates with KMS to encrypt your secret with a unique data key. When you create a new secret in Secret Manager, you get the option to choose which KMS key you want to encrypt your secret.
It is impossible to create a new secret using Secrets Manager without an encryption key managed by KMS. Secrets Manager provides a default key that you can use or create your own KMS key to encrypt the secrets.