Correct Answer: B, C.
AWS Secrets Manager allows users to replace authentication information in code with an API call to Secrets Manager.
This API call then retrieves the secret programmatically.
This safeguards the secret from being compromised since the secret is removed from the code.
AWS Secrets Manager automatically rotates the secret in accordance with specified schedules, which allows the implementation of more secure short-term secrets.
These, in turn, reduce the risk of authentication information in code being compromised.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html
Option A is INCORRECT because AWS Secrets Manager does not encrypt authentication information whilst it is in the code.
Option D is INCORRECT because AWS Secrets Manager does not automatically rotate or update the application code.
Rather, it automatically rotates the secret in accordance with specified schedules.
Option E is INCORRECT because AWS Secrets Manager does not facilitate embedding authentication information in code during runtime.
Developers do not need to hard-code authentication information in code.
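The pattern described above, replacing a hard-coded credential with an API call and letting scheduled rotation change the value behind it, is sketched below as an added example; it is not code from the original page or from AWS. `StubSecretsClient` is a constructed offline stand-in for `boto3.client("secretsmanager")`, and the secret name `example/db`, the `SecretCache` class and the password values are hypothetical.

```python
import json
import time


class StubSecretsClient:
    """Constructed stand-in for boto3.client("secretsmanager"); runs offline."""

    def __init__(self, secret_string):
        self.secret_string = secret_string
        self.calls = 0

    def get_secret_value(self, SecretId):
        # Same keyword argument and response key as the real GetSecretValue call.
        self.calls += 1
        return {"Name": SecretId, "SecretString": self.secret_string}


class SecretCache:
    """Fetch a JSON secret through the API and cache it for a short TTL."""

    def __init__(self, client, ttl_seconds=300, clock=time.monotonic):
        self._client = client
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # secret id -> (expiry time, parsed secret)

    def get(self, secret_id, force_refresh=False):
        entry = self._entries.get(secret_id)
        if entry and not force_refresh and self._clock() < entry[0]:
            return entry[1]
        response = self._client.get_secret_value(SecretId=secret_id)
        value = json.loads(response["SecretString"])
        self._entries[secret_id] = (self._clock() + self._ttl, value)
        return value


def demo():
    now = [0.0]  # fake clock so the run is deterministic
    old = json.dumps({"username": "app", "password": "old-constructed"})
    new = json.dumps({"username": "app", "password": "new-constructed"})
    client = StubSecretsClient(old)
    cache = SecretCache(client, ttl_seconds=60, clock=lambda: now[0])
    first = cache.get("example/db")["password"]
    client.secret_string = new  # simulate a scheduled rotation
    cached = cache.get("example/db")["password"]  # still inside the TTL
    now[0] = 61.0  # TTL expired: next call goes back to the API
    refreshed = cache.get("example/db")["password"]
    return first, cached, refreshed, client.calls


if __name__ == "__main__":
    print(demo())
```

No credential appears in the application source; only the secret's name does. Calling `get(..., force_refresh=True)` after an authentication failure is one way to pick up a rotated value before the TTL expires.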
AWS Secrets Manager is a fully managed service provided by Amazon Web Services (AWS) that helps you protect secrets such as database credentials, API keys, and other sensitive information. It enables you to easily store, distribute, and manage secrets throughout their lifecycle. Secrets Manager provides a secure and scalable solution to manage secrets, reducing the risk of unauthorized access to sensitive data.
The correct statements that describe the function of AWS Secrets Manager are:
A. Encrypts authentication information in code, ensuring that it is unreadable, that is, not in plain-text.
This statement is accurate because AWS Secrets Manager encrypts the secrets using the industry-standard AES-256 encryption algorithm, ensuring that the data is secure both in transit and at rest. The encryption ensures that the authentication information is unreadable and inaccessible by unauthorized users, providing an added layer of security.
B. Replaces the need to hardcode authentication credentials in code.
This statement is also accurate because AWS Secrets Manager eliminates the need to hardcode authentication credentials in code, which can be a security risk. Instead, the secrets are stored securely in AWS Secrets Manager, which can be accessed by authorized users and applications through API calls.
C. Makes it possible to include an API call in code that retrieves authentication information from a central repository.
This is not a correct statement. Although AWS Secrets Manager enables applications to access secrets using API calls, it does not retrieve authentication information from a central repository. Instead, the secrets are stored securely in AWS Secrets Manager, which can be accessed by authorized users and applications through API calls.
D. Automatically rotates and updates the code in the application build, ensuring that repositories are kept up to date.
This is not a correct statement.
AWS Secrets Manager does support automatic rotation of secrets, but it does not automatically update the code in the application build. Instead, applications need to be updated manually to use the new secrets after rotation.
E. Facilitates the embedding of authentication information in code during runtime.
This is not a correct statement. Embedding authentication information in code during runtime can be a security risk, and AWS Secrets Manager is designed to eliminate this practice. Instead, secrets are stored securely in AWS Secrets Manager, and applications can access them through API calls.