AWS AmazonECS documentation change
Summary
Clarified recommendation for choosing between Secrets Manager and Systems Manager Parameter Store by restructuring sentence flow and emphasizing feature-based selection criteria
Security assessment
The change improves guidance on secure secret management practices but does not address a specific security vulnerability. It reinforces existing security best practices without evidence of patching a flaw.
Diff
diff --git a/AmazonECS/latest/developerguide/specifying-sensitive-data.md b/AmazonECS/latest/developerguide/specifying-sensitive-data.md index a1a8812f9..7f5066e7e 100644 --- a//AmazonECS/latest/developerguide/specifying-sensitive-data.md +++ b//AmazonECS/latest/developerguide/specifying-sensitive-data.md @@ -28 +28 @@ We recommend that you do the following when setting up secrets management. -You should securely store API keys, database credentials, and other secret materials in Secrets Manager or as an encrypted parameter in Systems Manager Parameter Store. These services are similar because they're both managed key-value stores that use AWS KMS to encrypt sensitive data. Secrets Manager, however, also includes the ability to automatically rotate secrets, generate random secrets, and share secrets across accounts. If these important features, use Secrets Manager otherwise use encrypted parameters. +You should securely store API keys, database credentials, and other secret materials in Secrets Manager or as an encrypted parameter in Systems Manager Parameter Store. These services are similar because they're both managed key-value stores that use AWS KMS to encrypt sensitive data. Secrets Manager, however, also includes the ability to automatically rotate secrets, generate random secrets, and share secrets across accounts. To utilize these features, use Secrets Manager. Otherwise, use encrypted parameters in Systems Manager Parameter Store.