AWS secretsmanager documentation change
Summary
Added statement about Secrets Manager Agent using post-quantum ML-KEM key exchange by default
Security assessment
Introduces documentation for a proactive security feature (post-quantum cryptography) but does not address an existing vulnerability.
Diff
diff --git a/secretsmanager/latest/userguide/pqtls.md b/secretsmanager/latest/userguide/pqtls.md index af5fc62d1..8741d1cdc 100644 --- a//secretsmanager/latest/userguide/pqtls.md +++ b//secretsmanager/latest/userguide/pqtls.md @@ -7 +7 @@ -Secrets Manager supports a hybrid post-quantum key exchange option for the Transport Layer Security (TLS) network encryption protocol. You can use this TLS option when you connect to Secrets Manager API endpoints. We're offering this feature before post-quantum algorithms are standardized so you can begin testing the effect of these key exchange protocols on Secrets Manager calls. These optional hybrid post-quantum key exchange features are at least as secure as the TLS encryption we use today and are likely to provide additional security benefits. However, they affect latency and throughput compared to the classic key exchange protocols in use today. +Secrets Manager supports a hybrid post-quantum key exchange option for the Transport Layer Security (TLS) network encryption protocol. You can use this TLS option when you connect to Secrets Manager API endpoints. We're offering this feature before post-quantum algorithms are standardized so you can begin testing the effect of these key exchange protocols on Secrets Manager calls. These optional hybrid post-quantum key exchange features are at least as secure as the TLS encryption we use today and are likely to provide additional security benefits. However, they affect latency and throughput compared to the classic key exchange protocols in use today. The Secrets Manager Agent uses the post-quantum ML-KEM key exchange as the highest-priority key exchange by default.