Services or capabilities described in this page might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China Regions. Only “Region Availability” and “Feature Availability and Implementation Differences” sections for specific services (in each case exclusive of content referenced via hyperlink) in Getting Started with Amazon Web Services in China Regions form part of the Documentation under the agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China (Beijing) Region or Amazon Web Services China (Ningxia) Region (the “Agreement”). Any other content contained in the Getting Started pages does not form any part of the Agreement.
Amazon Secrets Manager Documentation
Secure secrets storage
Amazon Secrets Manager is designed to encrypt secrets at rest using encryption keys that you own and store in Amazon Key Management Service (KMS). When you retrieve a secret, Secrets Manager decrypts the secret and transmits it securely over TLS to your local environment. By default, Secrets Manager does not write or cache the secret to persistent storage. And, you can control access to the secret using fine-grained Amazon Identity and Access Management (IAM) policies and resource-based policies. You can also tag secrets individually and apply tag-based access controls.
Automatic secrets rotation without disrupting applications
With Amazon Secrets Manager, you can rotate secrets on a schedule or on demand by using the Secrets Manager console, Amazon SDK, or Amazon CLI.
Automatic replication of secrets to multiple Amazon Web Services China Regions
With Amazon Secrets Manager, you can replicate your secrets to multiple Amazon Web Services China Regions to enable you to meet your unique disaster recovery and cross-regional redundancy requirements.
Programmatic retrieval of secrets
You can store and retrieve secrets using the Amazon Secrets Manager console, Amazon SDK, Amazon CLI, or Amazon CloudFormation. To retrieve secrets, you replace plaintext secrets in your applications with code to pull in those secrets programmatically using the Secrets Manager APIs.
Audit and monitor secrets usage
Compliance
Amazon Secrets Manager enables you to manage secrets for workloads that are subject to Department of Defense Cloud Computing Security Requirements Guide (DoD CC SRG IL2, DoD CC SRG IL4, and DoD CC SRG IL5), Federal Risk and Authorization Management Program (FedRAMP), U.S. Health Insurance Portability and Accountability Act (HIPAA), Information Security Registered Assessors Program (IRAP), Outsourced Service Provider’s Audit Report (OSPAR), ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO 9001, Payment Card Industry Data Security Standard (PCI-DSS), or System and Organization Control (SOC).
Additional Information
For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.amazonaws.cn/en_us/. This additional information does not form part of the Documentation for purposes of the Sinnet Customer Agreement for Amazon Web Services (Beijing Region), Western Cloud Data Customer Agreement for Amazon Web Services (Ningxia Region) or other agreement between you and Sinnet or NWCD governing your use of services of Amazon Web Services China Regions.
